DVL included Mplayer Buffer Overflow Vulnerability (CVE-2007-2948 and SAID 24302)


A stack overflow was found and reported by Stefan Cornelius of Secunia Research in the code used to handle cddb queries. Two other similar issues were found by Reimar Döffinger while fixing the issue. The vulnerability is identified with CVE-2007-2948 and SAID 24302. When copying the album title and category, no checking was performed on the size of the strings before storing them in a fixed-size array. A malicious entry in the database could trigger a stack overflow in the program, leading to arbitrary code execution with the uid of the user running MPlayer.

 
EXP/HTML.VML.Gen - FALSE POSITIVE !!!


This website is NOT INFECTED !!!. The initialization of the VML support ..."document.namespaces.add("v", "urn:schemas-microsoft-com:vml"); " ... seems to release the virus warning at some virus scanners in a randomized way! We use this for the Podcast component. The root cause are is the heuristics which the scanners use!

 





Lost Password?
No account yet? Register

VMWare Player

Get the free VMWare Player!
Damn Vulnerable Linux is prepared to run under VMWare player!

Who's Online

We have 5 guests online

Statistics

Members: 3805
News: 85
Web Links: 0
Visitors: 231644

DVL is based on BackTrack2

dragon_small.jpg


License


License for Damn Vulnerable Linux distribution

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.


License for training material including all texts, audios and videos

Creative Commons License
This work is licensed under a Creative Commons NonCommercial Sampling Plus 1.0 License.
Release Notes
Written by DVL Team   


[July 2007] Damn Vulnerable Linux (DVL) E605 (1.3):

Added many many vulnerabilities. Added much exercise material including sources. Now included the HoneyNet Project and WebGoat.

  • 0000070: [Reverse Code Engineering] Add Boomerang Decompiler
  • 0000082: [Application Development] Free Pascal Compiler
  • 0000136: [Tools] Add Valgrind 3.2.0 + Valkyrie
  • 0000135: [Application Development] Add SmallBasic 0.9.7
  • 0000134: [Application Development] Add Dr. Scheme
  • 0000133: [Application Development] Add SWI Prolog
  • 0000131: [Application Development] Add GCC-g77
  • 0000127: [Web Exploitation] Add Cyphor
  • 0000109: [Shellcode / Exploitation] Add atari800 Local Root Exploit
  • 0000120: [Shellcode / Exploitation] Add phpBB 2.0.13 (admin_styles.php) Remote Command Execution Exploit
  • 0000125: [Web Exploitation] Add Joomla <= 1.0.9 (Weblinks) Remote Blind SQL Injection Exploit
  • 0000126: [Web Exploitation] Add Joomla <=1.0.7 (feed) Denial of Service Exploit
  • 0000123: [Web Exploitation] Add PHPNuke 7.8
  • 0000124: [Application Development] Add PHP-Nuke 7.4 POST Method Admin Variable Privilege Escalation
  • 0000122: [Shellcode / Exploitation] Add linux-ftpd-ssl 0.17 (MKD/CWD) Remote Root Exploit
  • 0000110: [Shellcode / Exploitation] Add Aeon 0.2a Local Linux Exploit
  • 0000108: [Shellcode / Exploitation] Add SoX Local Buffer Overflow Exploit
  • 0000111: [Shellcode / Exploitation] Add sash <= 3.7 Local Buffer Overflow Exploit
  • 0000104: [Shellcode / Exploitation] Add splitvt < 1.6.5 Local Exploit
  • 0000121: [Web Exploitation] Add e107 <= 0.6172 (resetcore.php) Remote SQL Injection Exploit
  • 0000102: [Shellcode / Exploitation] Add ProFTPD <= 1.3.0a (mod_ctrls support) Local Buffer Overflow PoC
  • 0000016: [Reverse Code Engineering] Fenris should be added
  • 0000067: [Reverse Code Engineering] Add ELFIO
  • 0000084: [Application Development] Add FakeAP
  • 0000083: [Application Development] Add BestCrypt
  • 0000085: [Application Development] Add FindDDOS
  • 0000078: [Tools] Add QTParted
  • 0000094: [Shellcode / Exploitation] Add Minicom 1.81
  • 0000096: [Shellcode / Exploitation] Add Nestea "Off By One" attack
  • 0000099: [Web Exploitation] Add PhpBB 2.0.12 Session Handling Authentication Bypass
  • 0000100: [Web Exploitation] Add WordPress 1.5.1.1 SQL Injection
  • 0000101: [Web Exploitation] Add Nabopoll 1.2 Remote File Inclusion, Remote Configuration Disclosure
  • 0000093: [Application Development] Add HLA Compiler Construction Kit
  • 0000092: [Application Development] Add YASM Assembler
  • 0000091: [Application Development] Add FASM
  • 0000090: [Application Development] Add SciLab
  • 0000081: [Application Development] Add GSL GNU Scientific Library
  • 0000080: [Application Development] Add FreeBasic
  • 0000079: [Application Development] Add BlueFish Editor
  • 0000033: [Application Development] RHIDE should be added
  • 0000089: [Application Development] Add C++6 libs
  • 0000088: [Application Development] Add LibGC
  • 0000087: [Application Development] Add BOOST Library
  • 0000076: [Application Development] Remove JRE and add JDK 1.5
  • 0000075: [Application Development] Add QEMU
  • 0000074: [Application Development] Add Scite Editor
  • 0000073: [Peneration Testing] Add OWASP’s WebGoat

[May 2007] Damn Vulnerable Linux (DVL) Strychnine (1.2):

Added several tools. Switched to BackTrack 2 Final as core system. DVL Strychnine will contain a Knowledge Base as well!

  • 0000072: [Application Development] Add Flawfinder
  • 0000071: [Application Development] Add JLint
  • 0000025: [Reverse Code Engineering] libdisasm_0.21-pre2 should be added
  • 0000068: [Reverse Code Engineering] Add REC 1.6
  • 0000051: [Reverse Code Engineering] Add LTRACE
  • 0000047: [Reverse Code Engineering] ELF Shell should be added
  • 0000007: [Requirements] Firefox Tabs should be cleaned up
  • 0000035: [Application Development] KDevelop should be added
  • 0000015: [Reverse Code Engineering] Bastard 0.17 should be added
  • 0000011: [Requirements] Boot text should be branded for DVL instead for BT
  • 0000032: [Application Development] NEdit should be added
  • 0000012: [Requirements] A new bootspash has to be designed and included
  • 0000048: [Reverse Code Engineering] Add ELF Kickers
  • 0000014: [Shellcode / Exploitation] Splint static code analyzer should be added
  • 0000045: [Reverse Code Engineering] Add BIEW
  • 0000040: [Reverse Code Engineering] LDasm should be added
  • 0000063: [Application Development] Add BASIC-256
  • 0000028: [Web Exploitation] A vulnerable PHP.ini should be used
  • 0000058: [Application Development] PHPmyAdmin should be installed
  • 0000065: [Application Development] Add GAS
  • 0000064: [Bugs] HLA does not work under Konsole
  • 0000059: [Documentation] Define Directory Structure for Documentation
  • 0000060: [Tutorials] Define Directory Structure for Tutorials
  • 0000004: [Documentation] DVL needs a concept on how to hold documentation
  • 0000019: [Reverse Code Engineering] ht-2.0.2 should be added
  • 0000020: [Cryptography] stegdetect-0.6 should be added
  • 0000022: [Reverse Code Engineering] STAN 0.4.1 Stream Analyzer should be added
  • 0000024: [Cryptography] Outguess 0.2 should be added
  • 0000038: [Reverse Code Engineering] memgrep should be installed
  • 0000039: [Reverse Code Engineering] ALD Assembly Language Debugger should be added
  • 0000049: [Reverse Code Engineering] Add REVDump
  • 0000061: [Tutorials] Define Directory Structure for exercises
  • 0000010: [Shellcode / Exploitation] SudoEdit 1.6.8 should be added (Local Exploit)
  • 0000013: [Reverse Code Engineering] LIDA disassembler needs to be installed and linked in menues
  • 0000017: [Reverse Code Engineering] GDBINIT colorized by Mammon should be added.
  • 0000018: [Application Development] HLA Assembly Language should be added
  • 0000023: [Reverse Code Engineering] Sandmark should be added
  • 0000031: [Application Development] jEdit should be installed
  • 0000041: [Reverse Code Engineering] The Examiner should be added
  • 0000050: [Reverse Code Engineering] Add RADARE
  • 0000057: [Reverse Code Engineering] Add Sinister
  • 0000029: [Application Development] MySQL should be installed
  • 0000037: [Application Development] Jed Editor should be added
  • 0000030: [Application Development] Wine Windows Emulator needs to be installed
  • 0000027: [Requirements] Apache with PHP 4 and 5 included
  • 0000054: [Reverse Code Engineering] Add MemFetch
  • 0000052: [Reverse Code Engineering] Add STRACE
  • 0000056: [Reverse Code Engineering] Add lsof

CANCELLED! - DVL 1.1 (Black Hat Edition):

The following important files have been added (minor tool additions not listed):

  • Metsploit 3.0 Framework. The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby. programming language and includes components written in C and assembler.
  • Web Exploitation Package 02. Includes 4 real life web targets.
  • Crackme Package 01. Includes 61 Linux crackmes for reverse code engineering challenges.
  • Debug Contest Package Windows. Includes 11 compiled Windows targets for analysis challenges.
  • Binary Exploitation Package 01. Includes 24 compiled targets for binary exploitation.
  • Binary Exploitation Package 02. Includes 40 compiled targets by Gera for binary exploitation.
  • Binary Exploitation Package 03. Includes 6 compiled targets by Juliano for binary exploitation.
  • Binary Exploitation Package 04. Includes 5 compiled targets by IITAC for binary exploitation.
  • Pre-Configured vulnerable PHP.ini.
  • Adapted .bashrc for HLA Assembly Language integration.
  • All collectable sources code examples for HLA Assembly Language programming.
  • Wine for Windows target analysis.
  • xcalc calculator.
  • rar.
  • VGUI.
  • VIM (VI Improved).
  • A comprehensive collection of core utils.
  • Outguess Steganography.
  • Steghide Steganography.
  • Scite Editor for many languages including Assembly.

 


 

DVL 1.0 (Initial Core Release):

The Core Release is a tool release only. It contains the following important tools:

  • HT 0.5

  • libreadline4_4.2a-5_i386

  • gdb_5.2.cvs20020401-6_i386

  • binutils_2.12.90.0.1-4_i386 (including objdumps,gas,strings ...)

  • nasm-0.98-1.i386

  • HLA v1.86

  • libelfsh0-dev_0.65rc1-1_i386

  • elfsh_0.65rc1-1_i386

  • Apache 2.0.5.4

  • Php 4.4.0

  • ethereal-common_0.9.4-1woody12_i386

  • ethereal_0.9.4-1woody12_i386

  • libpcap0_0.6.2-2_i386

  • tcpdump_3.6.2-2.8_i386

  • lsof_4.57-1_i386

  • ltrace_0.3.26_i386

  • nmap_2.54.31.BETA-1_i386

  • strace_4.4-1.2_i386

  • ELFkickers-2.0a (including sstrip, rebind, elfls, ebfc, elftoc)

  • GCC/G++ 3.3.4

  • GNU Make 3.80

  • bastard_bin- 0.17.tgz

  • Mysql-server 4.4.1

  • Ruby 1.8

  • Python 2.3

  • lida-03.00.00

  • DDD 3.3.1

 

 


 
Advertisement

Latest Podcasts

Debugging Backwards in TimeF-Secure Reverse Engineering Challenge
Storm SiteBluetooth worm against a Nokia E90
Targeted AttacksFirebox X Edge, Day One: Wireless Settings
Hide files using ADS.Debug : Tutorial #2
Debug : Tutorial #1Assembly programming : Example # 2 again!
Assembly programming : Example # 1 again!Introduction to Wireshark: howto #3
Introduction to Wireshark: howto #2Introduction to wireshark. howto #1

References

  • IITAC - International Institute (Certification and Training)
  • Leibnitz University of Hannover, Germany (Secure Software Development Lecture)
  • University of Applied Sciences and Arts Hannover, Germany (Secure Software Development Lecture)
  • East Tennessee State University, U.S (Ethical Hacking Class)
  • University of the Basque Country, Spain (Computer Security Class)
  • University of Florida, U.S. (Student Infosec Team)