TRN Stack Buffer Overflow Vulnerability Allowing Local Code Execution
Vulnerability
A stack buffer overflow vulnerability has been identified in TRN version 3.6-23. It allows a local attacker to execute arbitrary code by supplying an oversized command-line argument. The exploitation involves a payload of 156 bytes of padding followed by a return address; the padding overruns the stack buffer and the trailing bytes overwrite the saved return address, redirecting the instruction pointer to the attacker's shellcode, which runs with the privileges of the user who launched the program.
Impact
Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution with the privileges of the user running the application.
Reproduction
The vulnerability can be reproduced by running TRN 3.6-23 on a Linux system. The application is launched with a command-line argument consisting of 156 bytes of padding followed by a return address; a Python script can generate such a payload. With the payload passed as the argument, the program crashes with a segmentation fault, which confirms that the oversized argument overflows the stack buffer and corrupts control flow.
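As an added illustration that is not TRN's own code: the unchecked-copy pattern behind this class of bug, beside a hardened argument handler that refuses any argument that would not fit. The 128-byte buffer and the function names are assumptions, since the advisory does not show TRN's source (156 bytes is the padding to the saved return address, not the buffer size).

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical local buffer size; TRN's real buffer size is not given
 * in the advisory. */
#define ARG_BUF_LEN 128

/* Vulnerable pattern (illustrative only): strcpy() copies the whole
 * argument regardless of the buffer size, so an oversized argv[1]
 * runs past buf and overwrites the saved return address. */
int handle_arg_unsafe(const char *arg)
{
    char buf[ARG_BUF_LEN];
    strcpy(buf, arg);          /* no bounds check: stack overflow on long input */
    return (int)strlen(buf);
}

/* Hardened form: measure the argument before copying and reject anything
 * that would not fit together with its terminating NUL. Returns the
 * copied length, or -1 when the argument is rejected. */
int handle_arg_checked(const char *arg)
{
    char buf[ARG_BUF_LEN];
    size_t n = strnlen(arg, ARG_BUF_LEN);
    if (n >= ARG_BUF_LEN) {
        /* Reject rather than silently truncate: a truncated argument can
         * still change program behaviour in surprising ways. */
        return -1;
    }
    memcpy(buf, arg, n + 1);   /* n < ARG_BUF_LEN, so the NUL fits */
    return (int)n;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <argument>\n", argv[0]);
        return 2;
    }
    int r = handle_arg_checked(argv[1]);
    if (r < 0) {
        fprintf(stderr, "argument too long (limit %d bytes)\n", ARG_BUF_LEN - 1);
        return 1;
    }
    printf("accepted %d-byte argument\n", r);
    return 0;
}
```

Building with stack protector and running the hardened binary against a 200-byte argument exits with the "argument too long" message instead of a segmentation fault.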
