cpio RCE Exploit Caused by Integer Overflow

bug-cpio

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

cpio RCE Exploit Caused by Integer Overflow

From:	Maverick Chung
Subject:	cpio RCE Exploit Caused by Integer Overflow
Date:	Fri, 6 Aug 2021 20:15:00 +0000

Hello,

Qiaoyi Fang (cc'ed) and I are both CS students at Duke, and we've discovered an RCE exploit in cpio, caused by an integer overflow in ds_fgetstr. We've created the exploit on cpio 2.13, on the version the current kali-rolling. We've attached a bug report containing all the details, as well as the files necessary to reproduce the exploit. Additionally, we've recorded the exploit here: https://youtu.be/F0yKJhu7Vak.

Please let us know if you have any questions. Thank you!

Sincerely,

Maverick Chung and Qiaoyi Fang

cpiopwn-files.zip
Description: cpiopwn-files.zip

cpio-bug-report.pdf
Description: cpio-bug-report.pdf

[Prev in Thread]

Current Thread

[Next in Thread]

cpio RCE Exploit Caused by Integer Overflow, Maverick Chung <=
- Re: cpio RCE Exploit Caused by Integer Overflow, Maverick Chung, 2021/08/06
- Re: cpio RCE Exploit Caused by Integer Overflow, Sergey Poznyakoff, 2021/08/07
  - Re: cpio RCE Exploit Caused by Integer Overflow, Salvatore Bonaccorso, 2021/08/11
    - Re: cpio RCE Exploit Caused by Integer Overflow, Sergey Poznyakoff, 2021/08/11
- Re: cpio RCE Exploit Caused by Integer Overflow, Juerg Haefliger, 2021/08/17
  - Re: cpio RCE Exploit Caused by Integer Overflow, Sergey Poznyakoff, 2021/08/17
    - Re: cpio RCE Exploit Caused by Integer Overflow, Salvatore Bonaccorso, 2021/08/21
    - Re: cpio RCE Exploit Caused by Integer Overflow, Sergey Poznyakoff, 2021/08/21
    - Re: cpio RCE Exploit Caused by Integer Overflow, Salvatore Bonaccorso, 2021/08/21
- Re: cpio RCE Exploit Caused by Integer Overflow, Diederik de Haas, 2021/08/17

Next by Date: Re: cpio RCE Exploit Caused by Integer Overflow
Next by thread: Re: cpio RCE Exploit Caused by Integer Overflow
Index(es):
- Date
- Thread