
CVE-2004-1287

Experiment Environment

CentOS 6.4

Ubuntu 14.04

INSTALL & Configuration

    wget https://github.com/mudongliang/source-packages/raw/master/CVE-2004-1287/nasm-0.98.38.tar.bz2

    tar -xvf nasm-0.98.38.tar.bz2
    cd nasm-0.98.38

    ./configure
    make

Problems in Installation & Configuration

How to trigger vulnerability

    unzip 22.S.zip
    ./nasm-0.98.38/nasm 22.S

PoCs

NASM 0.98.x - Error Preprocessor Directive Buffer Overflow

securityfocus

Vulnerability Details & Patch

Root Cause

preproc.c:4070

    vsprintf(buff, fmt, arg);
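
The unbounded `vsprintf(buff, fmt, arg)` call above writes as many bytes as the formatted message needs, whatever the size of `buff`. The following is an added example, not NASM's code and not the upstream patch: it shows one way to bound that call with `vsnprintf` and detect truncation. `ERR_BUF_SIZE`, `last_error`, `format_error` and `report_error` are hypothetical names, and the buffer size is an assumption because the page does not state it.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Assumed size for illustration; the page does not give the size of buff. */
#define ERR_BUF_SIZE 64

/* Stands in for the error routine's buffer so the result can be inspected. */
static char last_error[ERR_BUF_SIZE];

/*
 * Bounded form of `vsprintf(buff, fmt, arg)`.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on a bad buffer
 * or formatting error. When size > 0, buff is always NUL-terminated.
 */
static int format_error(char *buff, size_t size, const char *fmt, va_list arg)
{
    int needed;

    if (buff == NULL || size == 0)
        return -1;
    needed = vsnprintf(buff, size, fmt, arg);
    if (needed < 0) {
        buff[0] = '\0';
        return -1;
    }
    /* vsnprintf reports the length it wanted to write, excluding the NUL. */
    return (size_t)needed >= size ? 1 : 0;
}

/* Hypothetical variadic front end, shaped like an error reporter. */
static int report_error(const char *fmt, ...)
{
    va_list arg;
    int rc;

    va_start(arg, fmt);
    rc = format_error(last_error, sizeof last_error, fmt, arg);
    va_end(arg);
    return rc;
}

int main(void)
{
    /* Constructed input: a 200-character field, far larger than the buffer. */
    int rc = report_error("%0200d", 7);

    printf("truncated=%d stored=%zu of %d bytes\n", rc, strlen(last_error), ERR_BUF_SIZE);
    return rc == 1 ? 0 : 1;
}
```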

Stack Trace

    (gdb) info stack
    #0  0xbfbff430 in ?? ()
    #1  0xbfbff430 in ?? ()
    #2  0xbfbff430 in ?? ()

References
