CVE-2003-0358 PoC — Nethack本地缓冲区溢出漏洞

Source

https://github.com/snowcra5h/CVE-2003-0358

Associated Vulnerability

Title:Nethack本地缓冲区溢出漏洞 (CVE-2003-0358)
Description:nethack是一款多种系统平台下的游戏程序。 nethack对用户提交的参数缺少正确边界缓冲区检查，本地攻击者可以利用这个漏洞进行缓冲区溢出攻击，可能以game用户权限在系统上执行任意指令。 nethack对-s选项的值缺少正确边界检查，攻击者提交超长字符串作为此选项值，就可以触发缓冲区溢出，由于nethack在Redhat 8上以suid game属性安装，因此精心构建提交参数值可能以game用户权限在系统上执行任意指令。

Description

By passing an overly large string when invoking nethack, it is possible to corrupt memory. jnethack and falconseye are also prone to this vulnerability.

Readme

# CVE-2003-0358

_Posting for historical reasons._

> * snowcrash
> * snowcra5h@icloud.com
> * https://github.com/snowcra5h/

## Description
> _Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges > via a long -s command line option._

## References
- https://www.exploit-db.com/?author=4939
- https://nvd.nist.gov/vuln/detail/CVE-2003-0358
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11283
- http://nethack.sourceforge.net/v340/bugmore/secpatch.txt
- http://www.debian.org/security/2003/dsa-316
- http://www.debian.org/security/2003/dsa-350
- http://www.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0
- http://www.securityfocus.com/bid/6806

File Snapshot


 [4.0K]  /data/pocs/9c5cbe465bcc64afa681e5724419e798215d5a07
├── [1.0K]  CVE-2003-0358.c
├── [ 708]  CVE-2003-0358.pl
└── [ 765]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!