CVE-2016-20042

TRN 3.6-23 Stack Buffer Overflow Local Code Execution

CVSS 8.6 HIGHEPSS 0.1%CWE-787

TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Attackers can craft a malicious command-line argument with 156 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

trn · Threaded USENET News Reader

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/39764unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://sourceforge.net/projects/trn/https://www.exploit-db.com/exploits/39764 https://www.vulncheck.com/advisories/trn-23-stack-buffer-overflow-local-code-execution