
CVE-2004-1262

Experiment Environment

Ubuntu 11.04 or Ubuntu 14.04

INSTALL & Configuration

wget https://github.com/mudongliang/source-packages/raw/master/CVE-2004-1262/libbsb-0.0.6.tar.gz
tar -xvf libbsb-0.0.6.tar.gz
cd libbsb-0.0.6
./configure
make

Problems in Installation & Configuration

How to trigger vulnerability

./bsb2ppm 4.kap 4.ppm

One trick to get the right 4.kap PoC file:

1. First, copy the content from the webpage into a temporary file named temp;
2. qprint -d temp 4.kap

PoCs

libbsb bsb2ppm Buffer Overflow in bsb_open_header() Lets Remote Users Execute Arbitrary Code

bsb2ppm 0.0.6 overflows line buffer

Vulnerability Details & Patch

Root Cause

In libbsb, in bsb_io.c, bsb_open_header() uses next_line() to copy a line of any length into a 1024-byte line[] buffer.
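A bounded line reader shows the length check that the copy described above lacks. This is an added example, not libbsb's code or its patch; read_line_bounded, demo_second_line and the "VER/2.0" sample line are assumptions made for illustration.

```c
#include <stdio.h>

#define LINE_CAP 1024 /* size of the line[] buffer named in the root cause */

/* Hypothetical bounded reader: stores at most cap-1 bytes plus a NUL.
 * Returns the line length, -1 at EOF with nothing read, or -2 when the
 * line does not fit (the rest of that line is consumed and discarded). */
static long read_line_bounded(FILE *fp, char *buf, size_t cap)
{
    size_t n = 0;
    int c, too_long = 0;
    if (cap == 0) return -2;
    while ((c = fgetc(fp)) != EOF && c != '\n') {
        if (n + 1 < cap)
            buf[n++] = (char)c;  /* room left for this byte and the NUL */
        else
            too_long = 1;        /* keep reading, stop writing */
    }
    buf[n] = '\0';
    if (too_long) return -2;
    return (c == EOF && n == 0) ? -1 : (long)n;
}

/* Constructed input: one short header line, then a line of long_len 'A's.
 * Returns the reader's result for that second line. */
static long demo_second_line(size_t long_len)
{
    char line[LINE_CAP];
    FILE *fp = tmpfile();
    long r;
    if (!fp) return -3;
    fputs("VER/2.0\n", fp);
    for (size_t i = 0; i < long_len; i++)
        fputc('A', fp);
    fputc('\n', fp);
    rewind(fp);
    r = read_line_bounded(fp, line, sizeof line); /* "VER/2.0" -> 7 */
    if (r == 7)
        r = read_line_bounded(fp, line, sizeof line);
    fclose(fp);
    return r;
}

int main(void)
{
    printf("1023: %ld, 5000: %ld\n", demo_second_line(1023), demo_second_line(5000));
    return 0;
}
```

A caller that gets -2 should reject the file as malformed instead of parsing the truncated prefix.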

Stack Trace

References

qprint manpage
