Multi Emulator Super System Buffer Overflow Vulnerability Allowing Code Execution
Vulnerability
A buffer overflow vulnerability has been identified in Multi Emulator Super System (MESS) version 0.154-3.1. This vulnerability arises in the handling of the gamma parameter, where local attackers can supply an oversized value to overflow the stack buffer. This overflow allows for the overwriting of the instruction pointer with a controlled address, potentially leading to arbitrary code execution. The vulnerability can also cause the application to crash.
Impact
Exploitation of this vulnerability can result in a local denial-of-service condition by crashing the application, or it can be leveraged to execute arbitrary code with the privileges of the user running the emulator.
Reproduction
The vulnerability can be reproduced by running the MESS emulator with the '-gamma' option followed by a payload that includes a large amount of data. This can be done using a Python script to generate the oversized gamma parameter. The exploit causes a segmentation fault, indicating that the buffer overflow has occurred.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.