
Stack clash for NetBSD - CVE-2017-1000375 vulnerability from Qualys

Open abbasally5 opened this issue 8 years ago • 2 comments

Signed-off-by: Gilad Oved [email protected]

abbasally5 avatar Dec 03 '17 20:12 abbasally5

Hey, really appreciate the contribution. One thing though, I don't think that exploit ever performs code execution? I believe that's the PoC for the stack clash itself and seems to just be writing 'A' to the stack in order to clash with the heap.

In Qualys's disclosure document, they show the output of the PoC code:

$ sh -c 'ulimit -S -s `ulimit -H -s`; ./NetBSD_CVE-2017-1000375 0x04000000'
[1]   Segmentation fault      ./NetBSD_CVE-201...

Which does produce a segfault, but no code execution with the PoC listed.

spencerdodd avatar Dec 04 '17 15:12 spencerdodd
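The point made above is that the Qualys PoC only sets up the stack-clash precondition (raise the soft stack limit to the hard limit, then grow the stack into the heap) and crashes; it does not execute code. The following is an added example, not code from kernelpop or from the Qualys advisory, that performs only the precondition check a practitioner would want before deciding whether a given stack limit even lets the stack reach the heap: it measures the distance between the current stack pointer and a heap address and compares it with the RLIMIT_STACK soft limit. The names `stack_heap_gap_bytes` and `stack_could_reach_heap` are hypothetical, and using the address of a local variable and of a small `malloc` block as proxies for the two regions is an assumption; it ignores guard pages and any gap the kernel enforces.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>

/* Distance, in bytes, from an address inside the heap (a fresh malloc
 * block, assumption: heap lies below the stack as on Linux/NetBSD
 * x86-64) up to the current stack pointer (approximated by the address
 * of a local variable). Returns 0 if the layout is not stack-above-heap. */
static size_t stack_heap_gap_bytes(void) {
    char probe;                      /* lives on the current stack frame */
    void *heap = malloc(64);         /* hypothetical probe allocation */
    if (heap == NULL)
        return 0;
    uintptr_t stack_addr = (uintptr_t)&probe;
    uintptr_t heap_addr = (uintptr_t)heap;
    free(heap);
    return stack_addr > heap_addr ? (size_t)(stack_addr - heap_addr) : 0;
}

/* A stack allowed to grow by stack_limit bytes can reach the heap only
 * when the gap is not larger than that limit. An unlimited stack
 * (RLIM_INFINITY) can always reach it. */
static int stack_could_reach_heap(size_t gap, rlim_t stack_limit) {
    if (stack_limit == RLIM_INFINITY)
        return 1;
    return gap <= (size_t)stack_limit;
}

/* Report the current soft RLIMIT_STACK and whether, at that limit, the
 * stack could in principle grow down into the heap. This mirrors the
 * `ulimit -S -s $(ulimit -H -s)` step of the PoC invocation: raising the
 * soft limit is what makes the clash possible in the first place. */
int main(void) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_STACK, &rl) != 0) {
        perror("getrlimit");
        return 1;
    }
    size_t gap = stack_heap_gap_bytes();
    printf("stack-to-heap gap: %zu bytes\n", gap);
    if (rl.rlim_cur == RLIM_INFINITY)
        printf("soft stack limit: unlimited\n");
    else
        printf("soft stack limit: %llu bytes\n",
               (unsigned long long)rl.rlim_cur);
    printf("stack could reach heap at this limit: %s\n",
           stack_could_reach_heap(gap, rl.rlim_cur) ? "yes" : "no");
    return 0;
}
```

Run it once normally and once under `sh -c 'ulimit -S -s $(ulimit -H -s); ./a.out'`; the second run shows how raising the soft limit changes the answer. A "yes" here only means the limit does not rule a clash out; it says nothing about whether a crash would become code execution, which is exactly the distinction the comment above draws.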

Yeah, sorry about that. Would you still like the code to detect a BSD system?

abbasally5 avatar Dec 06 '17 04:12 abbasally5