CVE-2011-2702

glibc < 2.13 and eglibc < 2.13 - Remote Code Execution via SSSE3 Optimization

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-2702. PoCs published by c0ntex.

AI-analyzed exploit summary The writeup describes a signedness vulnerability in eGlibc's memcpy_ssse3 function, where a negative length value can bypass a jump instruction, leading to arbitrary code execution. It includes assembly analysis and a test case but lacks a functional exploit.

Description

Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.

Exploits (1)

exploitdb WRITEUP VERIFIED

by c0ntex · textdoslinux

https://www.exploit-db.com/exploits/20167

View Code ZIP pw:eip

The writeup describes a signedness vulnerability in eGlibc's memcpy_ssse3 function, where a negative length value can bypass a jump instruction, leading to arbitrary code execution. It includes assembly analysis and a test case but lacks a functional exploit.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: eGlibc (Ubuntu 10.4 LTS)

No auth needed

Prerequisites: Control over the length parameter in a memcpy call

MITRE ATT&CK