Exotic vulnerability
- From: joxeankoret <joxeankoret@xxxxxxxx>
- Date: Tue, 26 Jun 2007 11:23:28 -0700 (PDT)
Hi,
I'm trying to develop an exploit for a product in which I found a
vulnerability, and it is the most "exotic" one I have found. The following C
source recreates the vulnerability:
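    #include <stdio.h>
    #include <stdlib.h>   /* atoi */

    void func(int var)
    {
        /* No operands are declared: EAX is expected to still hold the
           value of i from main() when these instructions run. */
        __asm__("mov (%eax), %eax");   /* load the word stored at address EAX */
        __asm__("call *%eax");         /* call the address that was loaded */
        return;
    }

    int main(int argc, char *argv[])
    {
        int i;

        if (argc < 2)                  /* an address argument is required */
            return 1;
        printf("Value is 0x%x\n", atoi(argv[1]));
        i = atoi(argv[1]);
        func(i);
        return 0;
    }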
When the process calls the function "func", EAX has the value stored in the
variable "i"; next the process makes the call "mov (%eax), %eax" and next
calls %eax. I have not found a way to exploit it.
Any ideas on how it can be exploited to execute arbitrary code? BTW, I'm trying
to exploit it under Linux x86.
Thanks!
Joxean Koret
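
Added example, not part of the original post and not code from the affected product: the same double-indirect call pattern written in C, beside a hardened form in which the input can only select an entry from a fixed read-only table. The names dispatch_unchecked, dispatch_checked, handlers, handler_status and handler_reset are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef int (*handler_fn)(void);

/* Hypothetical handlers standing in for the product's real call targets. */
static int handler_status(void) { return 100; }
static int handler_reset(void)  { return 200; }

/* Pattern from the post, in C: the input is used as the address of a
 * function pointer, which is loaded and called with no validation. */
int dispatch_unchecked(uintptr_t untrusted)
{
    handler_fn *slot = (handler_fn *)untrusted;  /* mov (%eax), %eax */
    return (*slot)();                            /* call *%eax */
}

/* Hardened form: the input only selects an entry in a read-only table. */
static const handler_fn handlers[] = { handler_status, handler_reset };
#define HANDLER_COUNT (sizeof handlers / sizeof handlers[0])

/* Returns 0 and stores the handler's result, or -1 if arg is rejected. */
int dispatch_checked(const char *arg, int *result)
{
    char *end;
    unsigned long idx;

    if (arg == NULL || *arg == '\0' || *arg == '-')
        return -1;                    /* empty or negative input */
    errno = 0;
    idx = strtoul(arg, &end, 10);
    if (errno != 0 || *end != '\0' || idx >= HANDLER_COUNT)
        return -1;                    /* overflow, trailing junk, out of range */
    *result = handlers[idx]();
    return 0;
}

int main(int argc, char *argv[])
{
    int out;
    if (argc != 2 || dispatch_checked(argv[1], &out) != 0) {
        fprintf(stderr, "rejected\n");
        return 1;
    }
    printf("handler returned %d\n", out);
    return 0;
}
```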