Exploiting Security Issues

99% of the time when you discover a security problem in a program documenting it is sufficient for your report to be read, understood and accepted.

However there are times when somebody will be skeptical of a report, and on those times having a working script to exploit a weakness will focus their attention.

Many of the earlier problems I reported fell into two simple classes:

Missing bounds checks on environment variable usage.
Missing bounds checks when copying command line arguments.

Rather than code exploits for each particular target I came up with a generic approach, two command line tools which would attempt to exploit these problems in a simple fashion.

If you would like more details I'd suggest reading Smashing the stack for fun & profit.

cmd-overflow

The cmd-overflow tool is designed to automatically exploit vulnerable code which involves copying the contents of a command line argument into a fixed sized buffer.

Vulnerable code typically looks like this:
int main( int argc, char *argv[] )
{
   char buffer[1024];
   ...
   sprintf( buffer, "/etc/%s", argv[ 1 ] );
   ...
   return 1;
}

env-overflow

The env-overflow tool is designed to automatically exploit vulnerable code which involves copying the contents of an environmental variable into a fixed sized buffer, with no bounds checking.

Vulnerable code looks like this:
void someFunction( )
{
   char buffer[ 256 ];
   ..
   sprintf( buffer, "%s/.foorc", getenv( "HOME" ) );
   ..
}

Download

cmd-overflow.c

env-overflow.c

[ Sitemap | Contact Me | Reward me | Edinburgh Amateur Photography ]

Steve.org.uk

Exploiting Security Issues

cmd-overflow

env-overflow

Download