Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12831
HistoryMay 26, 2006 - 12:00 a.m.

tiffsplit (libtiff <= 3.8.2) bss & stack buffer overflow...

2006-05-2600:00:00
vulners.com
7

Affected product: tiffsplit (libtiff <= 3.8.2)

tiffsplit from libtiff (http://www.remotesensing.org/libtiff/&#41;
is vulnerable to a bss-based and stack-based overflow, but, I just
wrote the concept c0de for stack-based b0f 'cause I don't know how
to take advantage of the overwritten bss data (after the overflow,
that data is overwritten again correctly by a program' function).

.bss section is in higher addresses than .dtors section, so, we
can't hijack .dtors to…

Whatever…

Bug discovered @ 10/05/06, lazyness… lazyness… PoC @ 13/05/06
…Violence against my laptop… Published @ 23/05/06…

Tested & Worked on Musix Linux, Fedora Core 3 and Ubuntu Linux…
NOTE: my p0c is so lame (not reliable)…

PoC: http://www.genexx.org/nitrous/code/PoCs/tiffspl33t/tiffspl33t.tar.gz

nitr0us <nitrousenador[at]gmail[dot]com>