Axessh Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A stack-based buffer overflow has been identified in Axessh version 4.2. The flaw is in the log file name field: a local attacker who supplies an excessively long filename can execute arbitrary code. Overflowing the buffer overwrites the instruction pointer at an offset of 214 bytes, which enables execution of shellcode with system privileges.
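The class of defect described above, shown beside a length-checked form, as an added example that is not Axessh's own code. The function names, the struct and the 200-byte capacity are assumptions; the page does not state the real buffer size or the routine involved.

```c
#include <stdio.h>
#include <string.h>

/* Assumed capacity; the page does not give the real buffer size. */
#define LOG_NAME_MAX 200

enum name_status { NAME_OK, NAME_EMPTY, NAME_TOO_LONG };
struct log_settings { char log_file_name[LOG_NAME_MAX]; };

/* Unsafe pattern for contrast (never called here): the copy length is
 * chosen by the input, so a long name writes past the stack buffer. */
void open_log_unchecked(const char *field_text)
{
    char name[LOG_NAME_MAX];
    strcpy(name, field_text);
    (void)name;
}

/* Hardened form: measure within capacity, reject instead of truncating. */
enum name_status set_log_name(struct log_settings *s, const char *field_text)
{
    size_t n = 0;
    if (s == NULL || field_text == NULL || field_text[0] == '\0')
        return NAME_EMPTY;
    while (n < LOG_NAME_MAX && field_text[n] != '\0')
        n++;
    if (n == LOG_NAME_MAX)
        return NAME_TOO_LONG;            /* no terminator within capacity */
    memcpy(s->log_file_name, field_text, n + 1);   /* includes the NUL */
    return NAME_OK;
}

/* Constructed input: 300 'A' bytes, past the 214-byte offset cited above. */
int overlong_name_is_rejected(void)
{
    struct log_settings s = { "session.log" };
    char big[301];
    memset(big, 'A', 300);
    big[300] = '\0';
    return set_log_name(&s, big) == NAME_TOO_LONG
        && strcmp(s.log_file_name, "session.log") == 0;
}

int main(void)
{
    struct log_settings s = { "" };
    printf("short name status: %d\n", set_log_name(&s, "axessh.log"));
    printf("overlong rejected: %d\n", overlong_name_is_rejected());
    return 0;
}
```

Rejecting the overlong value, rather than silently truncating it, leaves the previously saved setting untouched and gives the settings dialog an error it can show to the user.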

Impact

Successful exploitation of the stack-based buffer overflow allows arbitrary code execution with system privileges.

Reproduction

To reproduce this vulnerability, prepare a Python script that generates a filename exceeding the buffer limit and writes the overflow payload to a file named 'Axessh.txt'. Then open the Axessh application and navigate to 'Details' > 'Settings' > 'Logging'. Enable the 'Log all sessions output' option and paste the crafted filename into the 'Log file name' field. Once the settings are saved, the application crashes, indicating that the buffer overflow has been successfully exploited.

Added: Mar 22, 2026, 2:50 PM
Updated: Mar 22, 2026, 2:50 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 4.0
remediation: 0.0
relevance: 4.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.