PMS Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A stack-based buffer overflow vulnerability has been identified in PMS version 0.42. This vulnerability allows local, unauthenticated attackers to execute arbitrary code by injecting malicious values into the application's configuration file. The buffer overflow occurs when oversized input is processed, overwriting the stack and enabling the execution of shell commands through return-oriented programming (ROP) techniques.
Impact
Successful exploitation overflows a stack buffer and gives the attacker arbitrary code execution on the affected system.
Reproduction
The vulnerability can be reproduced by crafting a configuration file that includes oversized input values. When PMS 0.42 is run with this modified configuration file, the application will process the excessive input, causing a stack-based buffer overflow. This can be exploited to execute arbitrary code by leveraging return-oriented programming techniques.
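The overflow described above comes from copying a configuration value into a fixed-size stack buffer without checking its length. The following is an added example of the bounded handling that prevents it, not code from PMS: the `key=value` line format, the 64-byte buffer size and the names `copy_config_value` and `try_value_of_length` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define VALUE_MAX 64   /* assumed size of the destination stack buffer */

/* Hypothetical helper: copy the value of a "key=value" config line into out.
 * Returns 0 on success, -1 if the line is malformed or the value would not
 * fit in out_size bytes including the terminating NUL. Never truncates. */
int copy_config_value(const char *line, char *out, size_t out_size)
{
    const char *eq;
    size_t len;

    if (line == NULL || out == NULL || out_size == 0)
        return -1;
    eq = strchr(line, '=');
    if (eq == NULL)
        return -1;
    eq++;                                  /* value starts after '=' */
    len = strcspn(eq, "\r\n");             /* stop at end of line */
    if (len >= out_size)                   /* oversized: reject, do not copy */
        return -1;
    memcpy(out, eq, len);
    out[len] = '\0';
    return 0;
}

/* Constructed check: a value of n 'A' bytes against a VALUE_MAX stack buffer.
 * Returns what copy_config_value returns, or -2 if the sample cannot be built. */
int try_value_of_length(size_t n)
{
    char line[512] = "host=";
    char value[VALUE_MAX];
    size_t prefix = strlen(line);

    if (n > sizeof line - prefix - 2)
        return -2;                         /* sample itself would not fit */
    memset(line + prefix, 'A', n);
    line[prefix + n] = '\n';
    line[prefix + n + 1] = '\0';
    return copy_config_value(line, value, sizeof value);
}

int main(void)
{
    printf("63 bytes: %d\n", try_value_of_length(VALUE_MAX - 1));
    printf("64 bytes: %d\n", try_value_of_length(VALUE_MAX));
    printf("400 bytes: %d\n", try_value_of_length(400));
    return 0;
}
```

Rejecting the oversized value outright, rather than truncating it, keeps a malformed configuration file from being silently accepted in a shortened form.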
