PInfo Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A local buffer overflow vulnerability has been identified in PInfo version 0.6.9-5.1. This vulnerability allows local attackers to execute arbitrary code by providing an oversized argument to the '-m' parameter. The exploitation involves crafting a malicious input string with 564 bytes of padding followed by a return address, which overwrites the instruction pointer and enables the execution of shellcode with user privileges.
Impact
Successful exploitation of the buffer overflow gives a local attacker arbitrary code execution with user privileges.
Reproduction
The vulnerability can be reproduced with PInfo version 0.6.9-5.1 on a Linux platform. The exploit passes a crafted input to the '-m' parameter, consisting of 564 bytes of padding followed by a return address. This input overwrites the instruction pointer, causing a segmentation fault and allowing for the execution of injected shellcode.
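The following C code is an added example, not PInfo's source and not part of the original advisory. It shows length-checked handling of a '-m' argument that rejects oversized input instead of copying it; the buffer size `ARG_BUF_SIZE` and the function names `copy_option_arg` and `parse_m_option` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ARG_BUF_SIZE 256 /* assumed size; the page does not give pinfo's */

/* Unsafe pattern behind this class of bug (general form, not pinfo source):
 *     char name[ARG_BUF_SIZE];
 *     strcpy(name, optarg);   no length check: a long argument runs past
 *                             name[] and over the saved return address */

/* Copy an option argument into a fixed-size buffer.
 * Returns 0 on success, -1 if the argument is missing or does not fit.
 * Rejects rather than truncates, so an oversized value is never used. */
int copy_option_arg(char *dst, size_t dstsize, const char *arg)
{
    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (arg == NULL)
        return -1;
    const char *end = memchr(arg, '\0', dstsize); /* scan dstsize bytes max */
    if (end == NULL)
        return -1;                                /* too long for dst */
    memcpy(dst, arg, (size_t)(end - arg) + 1);
    return 0;
}

/* Find "-m <value>" in argv and copy the value with the bounded helper.
 * Returns 1 if copied, 0 if -m is absent, -1 if missing or too long. */
int parse_m_option(int argc, char **argv, char *dst, size_t dstsize)
{
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-m") == 0) {
            const char *val = (i + 1 < argc) ? argv[i + 1] : NULL;
            return copy_option_arg(dst, dstsize, val) == 0 ? 1 : -1;
        }
    }
    return 0;
}

int main(int argc, char **argv)
{
    char name[ARG_BUF_SIZE] = "";
    int rc = parse_m_option(argc, argv, name, sizeof name);
    if (rc < 0) {
        fprintf(stderr, "error: -m argument missing or too long\n");
        return 2;
    }
    printf("%s\n", rc ? name : "(no -m given)");
    return 0;
}
```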
