Building a remote buffer overflow for the Snort 2.6.1 DCE/RPC flaw

Published: 2007-03-07
Last Updated: 2007-03-07 13:35:22 UTC
by Arrigo Triulzi (Version: 1)
0 comment(s)
Every so often I get asked about buffer overflow research in practice and for once there is a lengthy, worked-out example for me to point at.

Trirat Puttaraksa recently published, in two parts, his work on turning the Snort 2.6.1 DCE/RPC flaw into a working exploit. The first part covers the "easy bit", that is to say how to turn the vulnerability into a denial-of-service attack; the second part covers how to exploit it to actually execute code.

It is a very thorough write-up, complete with diagrams, that shows how he uses the Snort source code to work out the layout of the packets he needs to send, how he crafts those packets so that they reliably trigger the fault and, in part 2, how he injects the payload that gets executed. Because Snort inspects traffic passively, the attacker only has to get the crafted packets onto a segment the sensor monitors. The end result is that he runs calc.exe on the machine running Snort.
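To make the two stages concrete (the crash that gives the denial of service, then attacker bytes landing where they can redirect execution), here is an added example that is not from Puttaraksa's write-up and is not Snort's code. It models a hypothetical preprocessor reassembly routine: fragments are appended to a fixed-capacity buffer, the vulnerable version never checks the running total against that capacity, and the hardened version rejects any fragment that would overrun it. The buffer capacity, the guard bytes standing in for whatever follows the buffer in memory, and the fragment sizes are all assumptions; the guard is kept inside the same array so the overwrite is deterministic and the demo cannot corrupt the real stack.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reassembly state (assumption, not Snort's layout).
 * mem[0..REASM_CAP) is the intended fragment buffer; the GUARD_LEN bytes
 * after it stand in for adjacent memory an overflow would clobber. */
#define REASM_CAP 64
#define GUARD_LEN 8

typedef struct {
    uint8_t mem[REASM_CAP + GUARD_LEN];
    size_t  len;                    /* bytes reassembled so far */
} reasm_t;

static const uint8_t GUARD[GUARD_LEN] = {0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe, 0xf0, 0x0d};

/* One fragment as parsed off the wire: length and bytes are attacker-controlled. */
typedef struct {
    uint16_t       frag_len;
    const uint8_t *data;
} frag_t;

static void reasm_init(reasm_t *r)
{
    memset(r->mem, 0, sizeof r->mem);
    memcpy(r->mem + REASM_CAP, GUARD, GUARD_LEN);
    r->len = 0;
}

static int guard_intact(const reasm_t *r)
{
    return memcmp(r->mem + REASM_CAP, GUARD, GUARD_LEN) == 0;
}

/* Vulnerable: appends at r->len using the wire length and never compares
 * the running total with REASM_CAP. Enough fragments walk past the buffer. */
static int reasm_add_vuln(reasm_t *r, const frag_t *f)
{
    memcpy(r->mem + r->len, f->data, f->frag_len);
    r->len += f->frag_len;
    return 0;
}

/* Hardened: reject any fragment that would push the total past capacity.
 * The check is written as a subtraction so the comparison itself cannot wrap. */
static int reasm_add_safe(reasm_t *r, const frag_t *f)
{
    if (r->len > REASM_CAP || f->frag_len > REASM_CAP - r->len)
        return -1;                  /* drop the fragment and alert */
    memcpy(r->mem + r->len, f->data, f->frag_len);
    r->len += f->frag_len;
    return 0;
}

/* Constructed traffic: a 40-byte fragment followed by a 30-byte one, so the
 * total (70) exceeds REASM_CAP by 6 and the last 6 bytes of fragment 2 land
 * on the guard. Reports whether the guard survived, whether the bytes now on
 * the guard are the attacker's, the final length, and the second call's rc. */
static int run_sequence(int (*add)(reasm_t *, const frag_t *),
                        int *guard_ok, int *attacker_on_guard, size_t *final_len)
{
    uint8_t frag1[40], frag2[30];
    reasm_t r;
    frag_t f1 = {(uint16_t)sizeof frag1, frag1};
    frag_t f2 = {(uint16_t)sizeof frag2, frag2};
    int rc;

    memset(frag1, 0x41, sizeof frag1);                  /* filler */
    memset(frag2, 0x42, sizeof frag2);
    memcpy(frag2 + 24, "\x90\x90\x90\x90\xcc\xcc", 6);  /* tail that overruns */

    reasm_init(&r);
    (void)add(&r, &f1);
    rc = add(&r, &f2);

    *guard_ok = guard_intact(&r);
    *attacker_on_guard = memcmp(r.mem + REASM_CAP, frag2 + 24, 6) == 0;
    *final_len = r.len;
    return rc;
}

/* Stage 1 and 2 in one check: the guard is destroyed (crash) and the bytes
 * sitting on it are exactly the attacker's chosen tail (controlled overwrite). */
int vulnerable_clobbers_guard(void)
{
    int guard_ok, attacker_on_guard;
    size_t n;
    (void)run_sequence(reasm_add_vuln, &guard_ok, &attacker_on_guard, &n);
    return !guard_ok && attacker_on_guard && n == REASM_CAP + 6;
}

/* With the bounds check the second fragment is refused and nothing past the
 * buffer is touched. */
int hardened_rejects_overrun(void)
{
    int guard_ok, attacker_on_guard;
    size_t n;
    int rc = run_sequence(reasm_add_safe, &guard_ok, &attacker_on_guard, &n);
    return rc == -1 && guard_ok && !attacker_on_guard && n == 40;
}

int main(void)
{
    printf("vulnerable: guard overwritten with attacker bytes: %s\n",
           vulnerable_clobbers_guard() ? "yes" : "no");
    printf("hardened:   oversized fragment rejected:           %s\n",
           hardened_rejects_overrun() ? "yes" : "no");
    return 0;
}
```

The point of the two checks is the distinction the write-up makes between its parts: any overrun at all is enough to crash the sensor, but for code execution the attacker must also control which bytes land past the buffer, which is why the test compares the clobbered region against the fragment's tail rather than merely noting that the guard changed. On a real sensor the fix is the one in `reasm_add_safe`: bound the running total before every copy, not just the individual fragment length.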