CVE-2005-4807

GNU Binutils <20050721 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4807. PoCs published by Tavis Ormandy.

AI-analyzed exploit summary This exploit leverages a buffer overflow vulnerability in GNU binutils GAS (GNU assembler) by injecting shellcode and manipulating the return address to execute arbitrary code. The PoC generates a malicious assembly file that triggers the overflow when processed by the vulnerable assembler.

Description

Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tavis Ormandy · bashremotelinux

https://www.exploit-db.com/exploits/28397

View Code ZIP pw:eip

This exploit leverages a buffer overflow vulnerability in GNU binutils GAS (GNU assembler) by injecting shellcode and manipulating the return address to execute arbitrary code. The PoC generates a malicious assembly file that triggers the overflow when processed by the vulnerable assembler.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: GNU binutils GAS (versions prior to the fix for CVE-2005-4807)

No auth needed

Prerequisites: Vulnerable version of GNU binutils GAS · Ability to supply malicious input to the assembler

MITRE ATT&CK