Local stack-based overflow found in silly Poker v0.25.5. silly Poker contains a $HOME environment variable stack overflow; this can be exploited very simply to execute arbitrary code with gid=games privileges. demz demz@xxxxxxxxxx
01100011 - code 'security research team'
----------------------------------------
- http://www.c-code.net
- Advisory and PoC exploit by: demz // demz@xxxxxxxxxx
- Vulnerable source: silly Poker v0.25.5
- Bug type: Stack overflow
- Priority: 3
----------------------------------------
[01] Description
[02] Vulnerable
[03] Proof of concept
[04] Vendor response
[01] Description
silly Poker is a simple yet comprehensive player vs. computer console
poker game, written in C++.
silly Poker contains a $HOME environment variable stack overflow;
this can be exploited very simply to execute arbitrary code with gid=games
privileges.
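Added illustration, not silly Poker's source (the advisory does not quote it): the bug class is an overlong $HOME copied unchecked into a fixed-size stack buffer. The bounded copy below refuses such a value instead of truncating it, and the group-privilege drop shows the step a setgid-games binary should take before processing any environment input. The function names copy_bounded, copy_env_bounded and drop_group_privs are assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Copies the C string `val` into `dst` (capacity `dstsz`) only if the whole
 * value and its terminating NUL fit. Returns 0 on success, -1 when `val` is
 * NULL (variable unset) and -2 when it does not fit or `dst` is unusable.
 * The advisory's bug class is the unchecked form of this step (assumed shape):
 *     char path[256]; strcpy(path, getenv("HOME"));
 * where an overlong $HOME runs past the end of the stack buffer. */
int copy_bounded(const char *val, char *dst, size_t dstsz)
{
    const char *nul;
    size_t len;

    if (dst == NULL || dstsz == 0)
        return -2;
    if (val == NULL) {
        dst[0] = '\0';
        return -1;
    }
    /* Scan only as far as the destination can hold, never the whole value. */
    nul = memchr(val, '\0', dstsz);
    if (nul == NULL)
        return -2;              /* refuse rather than silently truncate a path */
    len = (size_t)(nul - val);
    memcpy(dst, val, len + 1);  /* len + 1 includes the NUL and fits: len < dstsz */
    return 0;
}

/* Reads the environment variable `name` through the bounded copy above. */
int copy_env_bounded(const char *name, char *dst, size_t dstsz)
{
    return copy_bounded(getenv(name), dst, dstsz);
}

/* Gives up a setgid-games privilege before any attacker-influenced input,
 * the environment included, is processed: call this first at startup, then
 * read $HOME with copy_env_bounded(). Returns 0 on success. */
int drop_group_privs(void)
{
    gid_t real = getgid();
    if (setgid(real) != 0)
        return -1;
    return getegid() == real ? 0 : -1;
}
```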
[02] Vulnerable
Vulnerable and exploitable version, tested on Debian 3.1:
- silly Poker v0.25.5
Prior versions may also be vulnerable.
Source can be found at:
http://www.colby.edu/personal/k/kmradlof/sillypoker/
[03] Proof of concept
peyote:/home/demz/audit$ ./c-sillyPoker
silly Poker v0.25.5 local exploit
---------------------------------------- demz @ c-code.net --
sh-2.05a#
A proof of concept exploit can be found at:
http://www.c-code.net/Releases/Exploits/c-sillyPoker.c
[04] Vendor response
The vendor is informed.