Buffer Overflow Vulnerabilities in KiTTY Start Duplicated Session Hostname (CVE-2024-25003) & Username (CVE-2024-25004)
Original Post:
We discussed this vulnerability during Episode 244 on 20 February 2024
A traditional unbounded strcpy. This one is a bit fun because it's triggered by the server you are connecting to printing a vulnerable ANSI escape code along with its arguments. The command __dt is meant to duplicate a terminal session: it allocates host and user character arrays on the stack, then strcpy's values from the ANSI escape sequence into them. As those values are attacker-controlled, they can overflow the allocated buffers.
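The pattern described above, as an added illustration that is not KiTTY's code: the unbounded strcpy handler beside a hardened variant that bounds-checks each field. The buffer sizes and the "host;user" argument layout are constructed for the example, not taken from KiTTY.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed sizes for illustration; the page does not give KiTTY's real ones. */
#define HOST_MAX 64
#define USER_MAX 32

struct dup_target {
    char host[HOST_MAX];
    char user[USER_MAX];
};

/* Vulnerable pattern from the write-up: unbounded strcpy of attacker-controlled
 * escape-sequence arguments into fixed arrays. Kept only for contrast and never
 * fed untrusted input here. */
void dup_session_unsafe(struct dup_target *t, const char *host_arg, const char *user_arg)
{
    strcpy(t->host, host_arg); /* overflows once strlen(host_arg) >= HOST_MAX */
    strcpy(t->user, user_arg); /* overflows once strlen(user_arg) >= USER_MAX */
}

/* Copy one field of at most cap-1 bytes into dst. Oversize input and control
 * bytes are rejected outright rather than silently truncated. */
static bool copy_field(char *dst, size_t cap, const char *src, size_t len)
{
    if (len == 0 || len >= cap)
        return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c < 0x20 || c == 0x7f) /* no control bytes in a host or user name */
            return false;
    }
    memcpy(dst, src, len);
    dst[len] = '\0';
    return true;
}

/* Hardened handler. Assumes a constructed "host;user" argument layout
 * (hypothetical; not KiTTY's real __dt argument format). */
bool dup_session_safe(struct dup_target *t, const char *arg)
{
    const char *sep = strchr(arg, ';');
    if (sep == NULL)
        return false;
    if (!copy_field(t->host, sizeof t->host, arg, (size_t)(sep - arg)))
        return false;
    return copy_field(t->user, sizeof t->user, sep + 1, strlen(sep + 1));
}
```

The safe variant returns false instead of writing past either array, so an oversized hostname or username from the remote side is dropped rather than corrupting the stack.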