CVE-2024-52949

Vulnerability Description: Stack-based Buffer Overflow - CWE-121

Software Version: 1.2.1

NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-52949

CVSS:

Severity:

Credits: Massimiliano Ferraresi, Massimiliano Brolli

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). Buffer overflows often can be used to execute arbitrary

Step-by-step instructions and PoC

During an assessment we fuzzed the -C argument with AFL++ with the following command

sudo ./afl-fuzz -i /in -o /out -- ./iptraf-ng -C @@

The /in directory contains various types of playlists that AFL can fuzz and iterate over. After one day of fuzzing, we found 4 types of config that crash iptraf-ng. The issue consistently occurs in the strcpy function doesn’t control the size and is possible to overflow memory in the stack

The following evidence the line of vulnerability code:

This is the overwritten EIP:

Below you can find an exploit, by way of it’s possible execute arbitrary code, and the relative payload it generates:

Inject the payload into -i argument:

Execute the shell:

Security Impact

An attacker can use a malicious configuration file to execute arbitrary code on the victim's program with root privilege.