
CVE-2024-52949

CVE-2024-52949 – iptraf-ng

Vulnerability Description: Stack-based Buffer Overflow - CWE-121

Software Version: 1.2.1

NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-52949

CVSS:

Severity:

Credits: Massimiliano Ferraresi, Massimiliano Brolli

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). Buffer overflows often can be used to execute arbitrary

Step-by-step instructions and PoC

During an assessment we fuzzed the -C argument with AFL++ using the following command:

sudo ./afl-fuzz -i /in -o /out -- ./iptraf-ng -C @@

The /in directory contains various types of playlists that AFL can fuzz and iterate over. After one day of fuzzing, we found 4 types of config that crash iptraf-ng. The issue consistently occurs in a strcpy call that does not check the size of the destination, so it is possible to overflow memory on the stack.

The following evidence shows the vulnerable line of code:

Figure 1: /src/ifaces.c:70
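To make the CWE-121 pattern concrete, here is an added example (constructed for this write-up, not iptraf-ng's own code) that shows a bounded replacement for the unchecked strcpy into a fixed-size local buffer; IFNAME_MAX, copy_ifname_checked and load_ifname_from_config are assumed names, not taken from the project.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed buffer size for illustration only (not the project's value). */
#define IFNAME_MAX 16

/* Bounded replacement for strcpy(): copies src into dst only if the whole
 * string, including its NUL, fits in dst_size bytes. On an over-long value
 * it leaves dst empty and returns false, so a hostile config value is
 * rejected instead of overwriting the saved return address on the stack. */
bool copy_ifname_checked(char *dst, size_t dst_size, const char *src)
{
    /* Scan at most dst_size bytes for the terminator; never read past it. */
    const char *nul = memchr(src, '\0', dst_size);
    if (nul == NULL) {          /* no NUL within dst_size: would overflow */
        dst[0] = '\0';
        return false;
    }
    memcpy(dst, src, (size_t)(nul - src) + 1); /* +1 copies the NUL too */
    return true;
}

/* Mimics a config parser storing a value in a local (stack) buffer, which is
 * exactly the overflow target in CWE-121. Returns 0 on success, -1 if the
 * value was rejected; on success the name is copied into out. */
int load_ifname_from_config(const char *value, char out[IFNAME_MAX])
{
    char ifname[IFNAME_MAX];    /* local buffer: the CWE-121 target */
    if (!copy_ifname_checked(ifname, sizeof ifname, value))
        return -1;
    memcpy(out, ifname, sizeof ifname);
    return 0;
}

int main(void)
{
    char name[IFNAME_MAX];
    /* Constructed inputs: one that fits and one that is too long. */
    const char *ok = "eth0";
    const char *too_long = "an-interface-name-that-is-too-long";
    printf("%s -> %d\n", ok, load_ifname_from_config(ok, name));
    printf("%s -> %d\n", too_long, load_ifname_from_config(too_long, name));
    return 0;
}
```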


This is the overwritten EIP:

Figure 2: overwritten EIP


Below is an exploit through which arbitrary code can be executed, together with the payload it generates:

Figure 3: Exploit to execute arbitrary code


Figure 4: Payload


Inject the payload into the -i argument:

Figure 5: Payload injection


Execute the shell:

Figure 6: Shell execution


Security Impact

An attacker can use a malicious configuration file to execute arbitrary code in the context of the victim's program with root privileges.