When dumping a file fails and the tool prompts you to write it to ./lost_found, there is a stack smashing vulnerability.
It allocates 255 bytes on the stack for ans.
Then, without any bounds checking, it feeds user input into it:
printf("Do you want to dump this file into ./lost_found/? [Y/N] ");
ret = scanf("%s", ans);
Under certain conditions, this can lead to arbitrary code execution.
Vulnerable files:
fsck/dump.c
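One bounded way to read the same Y/N answer, as an added example that is not code from fsck/dump.c or the project. `read_yes_no` and `stream_from` are hypothetical helpers, the input is constructed, and accepting lowercase answers is an assumption.

```c
#include <stdio.h>
#include <string.h>
#define ANS_SIZE 255 /* size of ans as stated in the report */

/* Hypothetical helper replacing scanf("%s", ans), which stores a token
 * of any length. Returns 1 for yes, 0 for no, -1 for anything else. */
static int read_yes_no(FILE *in)
{
    char ans[ANS_SIZE];
    int c;

    /* fgets stores at most sizeof(ans) - 1 bytes plus the NUL. */
    if (fgets(ans, sizeof(ans), in) == NULL)
        return -1;
    /* No newline stored: the line did not fit (or input ended).
     * Drain the rest so it is not taken as the next answer. */
    if (strchr(ans, '\n') == NULL)
        while ((c = fgetc(in)) != '\n' && c != EOF)
            ;
    /* Accept exactly one character; anything longer is rejected. */
    if (ans[0] == '\0' || (ans[1] != '\n' && ans[1] != '\0'))
        return -1;
    if (ans[0] == 'Y' || ans[0] == 'y')
        return 1;
    if (ans[0] == 'N' || ans[0] == 'n')
        return 0;
    return -1;
}

/* Hypothetical helper: turn a constructed string into an input stream. */
static FILE *stream_from(const char *s)
{
    FILE *f = tmpfile();
    if (f != NULL) {
        fputs(s, f);
        rewind(f);
    }
    return f;
}

int main(void)
{
    char line[1100]; /* constructed input: overlong answer, then "Y" */
    FILE *f;
    memset(line, 'A', 1000);
    strcpy(line + 1000, "\nY\n");
    if ((f = stream_from(line)) == NULL)
        return 1;
    printf("overlong answer -> %d\n", read_yes_no(f));
    printf("next answer     -> %d\n", read_yes_no(f));
    fclose(f);
    return 0;
}
```

If the `scanf` call is kept instead, a field width one less than the buffer size (`"%254s"` for a 255-byte buffer) bounds the write in the same way.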