Linux XFBurn Stack-based Buffer Overflow
Posted on 30 November -0001
<HTML><HEAD><TITLE>Linux XFBurn Stack-based Buffer Overflow</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>################ #Exploit Title: Linux XFBurn Stack-based Buffer Overflow #Type: CWE-121 #Exploit Author: Hosein Askari (FarazPajohan) #Vendor HomePage: http://goodies.xfce.org/projects/applications/xfburn #Version : 0.5.4 #Tested on: Ubuntu 17.04 #Date: 24-03-2017 #Category: Application #Author Mail : hosein.askari@aol.com #Description: This application isn't checking the return value of fopen() before using it. fopen() is failing here, returning NULL, and then NULL is passed as the stream to fprintf() #resulting Segmentation Fault. ################# The kernel output | dmesg : [ 2963.870884] xfburn[3739]: segfault at 0 ip 00007f1c9255f6f8 sp 00007ffd53ac2e70 error 4 in libc-2.23.so[7f1c924f1000+1bf000] ################# The GDB output: Thread 1 "xfburn" received signal SIGSEGV, Segmentation fault. __GI__IO_fwrite (buf=0x555555584510, size=1, count=40, fp=0x0) at iofwrite.c:37 #################</BODY></HTML>