vendor:
Printoxx
by:
sandman, n4mdn4s [4T] gmail [D0T] com
3.3
CVSS
LOW
Buffer Overflow
119
CWE
Product Name: Printoxx
Affected Version From: <= 2.1.2
Affected Version To: <= 2.1.2
Patch Exists: NO
Related CWE: None
CPE: 2.1.2002
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Fedora 12
2009
Printoxx Local Buffer Overflow
Printoxx does not check the length of input filename/directory thus overwriting the buffer [1000 in size] with a call to strcpy. The affected code segment is shown below. Proof Of Concept: Image filename overflow: $ ./printoxx -i $(python -c 'print "A"*1000') Directory filename overflow: $ ./printoxx -f $(python -c 'print "A"*1000')
Mitigation:
Compile all executables on Red-Hat RHEL and Fedora systems with canaries enabled.