Skip to content
Branch: master
Find file History
Pull request Compare This branch is 1 commit ahead, 3 commits behind mudongliang:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
README.md
exp

README.md

CVE-2006-2362

Experiment Environment

Ubuntu 14.04 LTS

INSTALL & Configuration

wget https://github.com/mudongliang/source-packages/raw/master/CVE-2006-2362/binutils-2.15.tar.bz2

tar -xvf binutils-2.15.tar.bz2
cd binutils-2.15

./configure
make

Problems in Installation & Configuration

How to trigger vulnerability

./binutils-2.15/binutils/strings exp

PoCs

GNU BinUtils 2.1x - Buffer Overflow

securityfocus

Vulnerability Details & Patch

Root Cause

bfd/tekhex.c:414

      len = getsym (sym, &src);

Stack Trace

(gdb) info stack
#0  0x0804f0f3 in bfd_hash_lookup (table=0x1050, string=0xbfeea5cb "253Cc%253Cc%253Cc%253Cc%253Cc%2", create=0, 
    copy=0) at hash.c:384
#1  0x0804e9cb in bfd_get_section_by_name (abfd=0x1000, name=0xbfeea5cb "253Cc%253Cc%253Cc%253Cc%253Cc%2")
    at section.c:795
#2  0x08051e47 in first_phase (abfd=0x1000, type=0, src=0xbfeea60e "") at tekhex.c:415

References

You can’t perform that action at this time.