Subject: Local stack-based overflow found in silly Poker v0.25.5
From: demz <demz@xxxxxxxxxx>

silly Poker contains a $HOME environment variable stack overflow; this can be exploited very simply to execute arbitrary code with gid=games privileges.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

01100011 - code 'security research team'
- ----------------------------------------
- - http://www.c-code.net
- - Advisory and PoC exploit by: demz // demz@xxxxxxxxxx
- - Vulnerable source: silly Poker v0.25.5
- - Bug type: Stack overflow
- - Priority: 3
- ----------------------------------------

[01] Description
[02] Vulnerable
[03] Proof of concept
[04] Vendor response

[01] Description

silly Poker is a simple yet comprehensive player vs. computer console poker game, written in C++.

silly Poker contains a $HOME environment variable stack overflow; this can be exploited very simply to execute arbitrary code with gid=games privileges.

[02] Vulnerable

Vulnerable and exploitable version, tested on Debian 3.1:

- silly Poker v0.25.5

Prior versions may also be vulnerable.

Source can be found at:
http://www.colby.edu/personal/k/kmradlof/sillypoker/

[03] Proof of concept

peyote:/home/demz/audit$ ./c-sillyPoker
silly Poker v0.25.5 local exploit
----------------------------------------
demz @ c-code.net
--
sh-2.05a#

A proof of concept exploit can be found at:
http://www.c-code.net/Releases/Exploits/c-sillyPoker.c

[04] Vendor response

The vendor is informed.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/eLePTfcKihbfHWwRAomtAJ9Ed63AGeVhBZI5D5Tuo9IZC7k8NQCdHwzs
DBzstkA7yk/U9wl+S2wssw4=
=KeFB
-----END PGP SIGNATURE-----
Attachment: c-sillyPoker.c (binary data)
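The defect class this advisory describes, as an added illustration that is neither the game's code nor the PoC exploit the advisory links: a configuration path is built from the attacker-controllable $HOME value into a fixed-size stack buffer. The unsafe pattern appears only as a comment; build_home_path is a hypothetical hardened replacement that bounds the copy with snprintf and refuses an oversized value instead of truncating it. The file name .sillypokerrc, the buffer size and the function names are assumptions, not taken from silly Poker.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 256

/* The unsafe pattern behind an environment-variable stack overflow (not the
 * game's real code; left as a comment so it is never compiled):
 *
 *     char path[256];
 *     strcpy(path, getenv("HOME"));      // no bound check on $HOME
 *     strcat(path, "/.sillypokerrc");
 *
 * $HOME is set by whoever runs the binary. When the binary is setgid games,
 * a $HOME longer than the buffer overwrites the stack frame of a process
 * that holds a group the caller does not have.
 */

/* Hardened replacement (hypothetical name): build "<home>/<file>" into a
 * caller-supplied buffer of outsz bytes.
 * Returns 0 on success, -1 if home is unset/empty, a pointer is NULL, or the
 * result would not fit. On failure out is left as an empty string. */
int build_home_path(const char *home, const char *file, char *out, size_t outsz)
{
    if (home == NULL || *home == '\0' || file == NULL || out == NULL || outsz == 0)
        return -1;

    /* snprintf never writes more than outsz bytes; its return value tells us
     * how long the full string would have been, which is how we detect an
     * oversized $HOME instead of silently using a truncated path. */
    int n = snprintf(out, outsz, "%s/%s", home, file);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Reads the environment the way a game would, then delegates to the
 * bounded builder. */
int config_path_from_env(char *out, size_t outsz)
{
    return build_home_path(getenv("HOME"), ".sillypokerrc", out, outsz);
}

int main(void)
{
    char path[PATH_BUF];

    if (config_path_from_env(path, sizeof path) != 0) {
        fprintf(stderr, "HOME is unset or too long; refusing to continue\n");
        return 1;
    }
    printf("config file: %s\n", path);
    return 0;
}
```

Refusing, rather than truncating, matters in a privileged (setgid) program: a truncated path can be just as wrong as an overflowed one, because it may point at a file the caller chose. The same check applies to every other environment variable such a program reads.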