CVE-2005-4807

Experiment Environment

Ubuntu 14.04 LTS

INSTALL & Configuration

wget https://github.com/mudongliang/source-packages/raw/master/CVE-2005-4807/binutils-2.12.tar.gz

tar -xvf binutils-2.12.tar.gz
cd binutils-2.12

./configure
make

Problems in Installation & Configuration

/usr/bin/msgfmt: not found

Solution:

Run apt-get install gettext

/usr/bin/ld: cannot find -lfl

Solution:

Run apt-get install flex

How to trigger vulnerability

sh gas_poc.sh > exploit.c
gcc -S -o exploit.s exploit.c
./binutils-2.12/gas/as-new exploit.s

PoCs

GNU BinUtils 2.1x - GAS Buffer Overflow

securityfocus

Vulnerability Patch

Root Cause

gas/messages.c:349

	vsprintf (buffer, format, args);
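
The same unbounded call next to a bounded replacement, as an added example that is not code from binutils or from this repository. The buffer size, the function names (`diag_unbounded`, `diag_bounded`, `demo_lost_bytes`), the guard word and the message text are all constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#define DIAG_BUF_SIZE 64 /* constructed for the demo, not the binutils value */

/* Root Cause pattern: vsprintf is never told how big `buffer` is. Shown for
   comparison only; nothing in this example calls it. */
void diag_unbounded(const char *format, ...)
{
    char buffer[DIAG_BUF_SIZE];
    va_list args;
    va_start(args, format);
    vsprintf(buffer, format, args);
    va_end(args);
    fputs(buffer, stderr);
}

/* Bounded form: vsnprintf gets the size and always NUL-terminates. Returns
   the number of message bytes that did not fit (0 = none), -1 on error. */
int diag_bounded(char *buffer, size_t size, const char *format, ...)
{
    va_list args;
    va_start(args, format);
    int needed = vsnprintf(buffer, size, format, args);
    va_end(args);
    if (needed < 0) return -1;
    return (size_t)needed >= size ? needed - (int)(size - 1) : 0;
}

/* Guard word right after the buffer shows whether a write ran past it. */
struct guarded { char buffer[DIAG_BUF_SIZE]; unsigned guard; };

/* Formats a constructed operand of operand_len 'A' bytes into g->buffer. */
int demo_lost_bytes(struct guarded *g, size_t operand_len)
{
    char operand[512];
    if (operand_len >= sizeof operand) operand_len = sizeof operand - 1;
    memset(operand, 'A', operand_len);
    operand[operand_len] = '\0';
    g->guard = 0xC0FFEEu;
    return diag_bounded(g->buffer, sizeof g->buffer, "bad operand `%s'", operand);
}

int main(void)
{
    struct guarded g;
    int lost = demo_lost_bytes(&g, 300);
    printf("lost=%d guard_ok=%d\n", lost, g.guard == 0xC0FFEEu);
    return 0;
}
```

A non-zero return from `diag_bounded` tells the caller the diagnostic was truncated, so it can log that fact instead of silently dropping input.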

Stack Trace

#0  0x08058e31 in as_bad (format=Cannot access memory at address 0xbfffeacc
) at messages.c:344
#1  0x90909090 in ?? ()
#2  0x90909090 in ?? ()
#3  0x90909090 in ?? ()

References