header-logo
Suggest Exploit
vendor:
Unknown
by:
milw0rm.com
7,8
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: Unknown
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2009-2698
CPE: Unknown
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: x86/x64
2009

CVE-2009-2698 udp_sendmsg()

This exploit is a bit more nuanced and thoughtful. It is a buffer overflow vulnerability in the udp_sendmsg() function on x86/x64 architectures. It was discovered by Julien/Tavis and p0c73n1.

Mitigation:

The exploit can be mitigated by applying the patch provided by the vendor.
Source

Exploit-DB raw data:

/* second verse, same as the first
   CVE-2009-2698 udp_sendmsg(), x86/x64
   Cheers to Julien/Tavis for the bug, p0c73n1 for just throwing code at 
   NULL and finding it executed
   This exploit is a bit more nuanced and thoughtful ;)
   use ./therebel.sh for everything

   At this moment, when each of us must fit an arrow to his bow and 
   enter the lists anew, to reconquer, within history and in spite of it,
   that which he owns already, the thin yield of his fields, the brief 
   love of the earth, at this moment when at last a man is born, it is 
   time to forsake our age and its adolescent furies.  The bow bends; 
   the wood complains.  At the moment of supreme tension, there will 
   leap into flight an unswerving arrow, a shaft that is inflexible and 
   free.  -Camus
*/

main: http://grsecurity.net/~spender/therebel.tgz
back: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/9574.tgz (2009-therebel.tgz)

# milw0rm.com [2009-09-02]