ssldump Format String Vulnerability
BID:2096
Info
| Bugtraq ID: | 2096 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2001-0032 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 11 2000 12:00AM |
| Updated: | Jul 11 2009 03:56AM |
| Credit: | This vulnerability was first announced on Bugtraq by c0ncept <[email protected]> on December 8, 2000. |
| Vulnerable: | Eric Rescorla ssldump 0.9 b1 |
| Not Vulnerable: | |
Discussion
ssldump is a traffic analyzer for monitoring network traffic in real time. It is written and maintained by Eric Rescorla. A flaw in the way it handles format strings could allow arbitrary code execution.
ssldump requires elevated privileges to listen to traffic crossing the network interface. If it encounters format specifiers in a URL while monitoring traffic, the program crashes with a segmentation fault. Exploited by a malicious user, this could potentially lead to the overwriting of stack variables and the execution of arbitrary code with administrative access.
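The bug class described above, shown as an added C example that is not ssldump's source: the function names, buffer sizes and the `load=100%%` sample are assumptions made for illustration. It puts a logging routine that uses captured bytes as the format string beside a hardened one that passes them as data.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Hypothetical stand-in for a sniffer's output routine (not ssldump's code).
 * BUG: bytes captured from the network are used as the format string, so
 * every '%' directive in them is interpreted by snprintf().
 * GCC and Clang report this line under -Wformat -Wformat-security. */
int log_url_unsafe(char *out, size_t n, const char *url)
{
    return snprintf(out, n, url);
}

/* Hardened form: the format string is a constant and the captured bytes are
 * passed as an argument. Non-printable bytes are replaced with '.' so that
 * captured data cannot inject terminal control sequences either. */
int log_url_safe(char *out, size_t n, const char *url, size_t url_len)
{
    char clean[256];
    size_t i;
    size_t m = url_len < sizeof(clean) - 1 ? url_len : sizeof(clean) - 1;

    for (i = 0; i < m; i++)
        clean[i] = isprint((unsigned char)url[i]) ? url[i] : '.';
    clean[m] = '\0';
    return snprintf(out, n, "%s", clean);
}

int main(void)
{
    /* The test string quoted in the advisory on this page. */
    const char captured[] = "fixme:%s%s%s%s%s%s";
    char line[512];

    log_url_safe(line, sizeof line, captured, strlen(captured));
    puts(line);   /* the directives are printed verbatim, never interpreted */

    /* Constructed sample: "%%" consumes no argument, so it shows the
     * interpretation without undefined behaviour. The unsafe path rewrites
     * the data; a "%s" here would instead read a pointer that was never
     * passed, which is the crash the advisory reports. */
    log_url_unsafe(line, sizeof line, "load=100%%");
    puts(line);
    return 0;
}
```

Building with `-Werror=format-security` turns the unsafe call into a compile error, which is a cheap way to keep this pattern out of code that prints captured traffic.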
Exploit / POC
From the original advisory sent by c0ncept <[email protected]> :
1) Run SSLDUMP (needs you to be root unless setuid)
2) Open Up Netscape Navigator it)
3) Type the following in Netscape Navigator: fixme:%s%s%s%s%s%s
4) Watch as ssldump will gather the traffic then segfault.
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].