bing gethostbyaddr Buffer Overflow Vulnerability

bing is a freely available, open source software package written by Pierre Beyssac. The package is designed to calculate the capacity between two points by sending various sized ICMP packets and recording their return times.

A problem in bing can allow a local user to gain administrative privileges. A static buffer used to store the name of the host using a gethostbyaddr function is allocated a static 80 byte buffer in memory. It is possible for a user with control of their on IN-ADDR.arpa zone to create a custom crafted entry in their zone records, appended with shell code. Upon receiving the IN-ADDR entry, the buffer could overflow, overwriting stack variables up through the return address, and therefore executing the shellcode in the zone entry. This problem makes it possible for a user with malicious motives to gain elevated privleges on a vulnerable system, including administrative access.


 

Privacy Statement
Copyright 2010, SecurityFocus