@CAPCOMIN
Last active July 6, 2024 02:55
Information on a buffer overflow vulnerability in freemodbus

Affected Product Code Base

freemodbus v.2018-09-12 (https://github.com/cwalter-at/freemodbus)

Affected Component

demo/LINUXTCP executable

OS and/or distribution

Ubuntu 20.04.6 LTS

Vulnerability Type

Buffer Overflow

Description

Buffer Overflow vulnerability in SILA Embedded Solutions GmbH freemodbus v.2018-09-12 allows a remote attacker to cause a denial of service via the LINUXTCP server component.

Vendor of Product

SILA Embedded Solutions GmbH

Attack Type

Remote

Impact Denial of Service

True

Actual behavior if applicable

Segmentation fault and crash.

Steps to reproduce the behavior

  1. Compile freemodbus v.2018-09-12 (with ASAN)
  2. Run the server:
     cd freemodbus/demo/LINUXTCP
     ./tcpmodbus
     (Type 'e' and press Enter)
  3. Send the message recorded in the log file (https://github.com/cwalter-at/freemodbus/files/14774296/modbusbug2.txt)

Output with ASAN

=================================================================
==9863==ERROR: AddressSanitizer: SEGV on unknown address 0x000009026928 (pc 0x0000004c4c97 bp 0x7f2c32efede0 sp 0x7f2c32efed20 T1)
==9863==The signal is caused by a READ memory access.
    #0 0x4c4c97 in xMBPortTCPPool /home/linuxbrew/pin-3.28-98749-g6643ecee5-gcc-linux/source/tools/BinPRE/src/freemodbus/demo/LINUXTCP/port/porttcp.c:205:13
    #1 0x4c4667 in xMBPortEventGet /home/linuxbrew/pin-3.28-98749-g6643ecee5-gcc-linux/source/tools/BinPRE/src/freemodbus/demo/LINUXTCP/port/portevent.c:69:17
    #2 0x4c6084 in eMBPoll /home/linuxbrew/pin-3.28-98749-g6643ecee5-gcc-linux/source/tools/BinPRE/src/freemodbus/demo/LINUXTCP/../../modbus/mb.c:351:9
    #3 0x4c416f in pvPollingThread /home/linuxbrew/pin-3.28-98749-g6643ecee5-gcc-linux/source/tools/BinPRE/src/freemodbus/demo/LINUXTCP/demo.c:215:17
    #4 0x7f2c36853608 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8608)
    #5 0x7f2c365fe352 in clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f352)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/linuxbrew/pin-3.28-98749-g6643ecee5-gcc-linux/source/tools/BinPRE/src/freemodbus/demo/LINUXTCP/port/porttcp.c:205:13 in xMBPortTCPPool
Thread T1 created by T0 here:
    #0 0x47e85a in pthread_create (/home/linuxbrew/pin-3.28-98749-g6643ecee5-gcc-linux/source/tools/BinPRE/src/freemodbus/demo/LINUXTCP/tcpmodbus+0x47e85a)
    #1 0x4c39db in bCreatePollingThread /home/linuxbrew/pin-3.28-98749-g6643ecee5-gcc-linux/source/tools/BinPRE/src/freemodbus/demo/LINUXTCP/demo.c:189:13
    #2 0x4c3502 in main /home/linuxbrew/pin-3.28-98749-g6643ecee5-gcc-linux/source/tools/BinPRE/src/freemodbus/demo/LINUXTCP/demo.c:126:21
    #3 0x7f2c36503082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082)

==9863==ABORTING
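
For triage, the report above can be reduced to a stable bucket key (crash kind, access type, first in-project frame) so repeated crashes from the same site are deduplicated. This is an added example, not part of the original gist or of freemodbus; the `triage` function, its `src_root` parameter and the key format are assumptions, and the sample is an excerpt of the report above.

```python
import posixpath
import re

# Excerpt of the ASAN report shown above: header, access type, three frames of
# the crashing thread, then the start of the thread-creation stack.
REPORT = """\
==9863==ERROR: AddressSanitizer: SEGV on unknown address 0x000009026928 (pc 0x0000004c4c97 bp 0x7f2c32efede0 sp 0x7f2c32efed20 T1)
==9863==The signal is caused by a READ memory access.
    #0 0x4c4c97 in xMBPortTCPPool /home/linuxbrew/pin-3.28-98749-g6643ecee5-gcc-linux/source/tools/BinPRE/src/freemodbus/demo/LINUXTCP/port/porttcp.c:205:13
    #2 0x4c6084 in eMBPoll /home/linuxbrew/pin-3.28-98749-g6643ecee5-gcc-linux/source/tools/BinPRE/src/freemodbus/demo/LINUXTCP/../../modbus/mb.c:351:9
    #4 0x7f2c36853608 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8608)

Thread T1 created by T0 here:
    #2 0x4c3502 in main /home/linuxbrew/pin-3.28-98749-g6643ecee5-gcc-linux/source/tools/BinPRE/src/freemodbus/demo/LINUXTCP/demo.c:126:21
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-f]+) .*\b(T\d+)\)")
ACCESS = re.compile(r"caused by a (READ|WRITE) memory access")
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+)$")


def triage(report, src_root="freemodbus/"):
    """Summarise an ASAN SEGV report and derive a deduplication key."""
    info = {"kind": None, "address": None, "thread": None, "access": None, "frames": []}
    in_stack = False
    for line in report.splitlines():
        if m := HEADER.search(line):
            info["kind"], info["address"], info["thread"] = m.groups()
        elif m := ACCESS.search(line):
            info["access"] = m.group(1)
        elif m := FRAME.match(line):
            in_stack = True
            func, loc = m.groups()
            # Frames without debug info look like (module+0xoff) and are skipped.
            src = re.match(r"(.+):(\d+):\d+$", loc)
            path = posixpath.normpath(src.group(1)) if src else ""
            if src_root in path:
                rel = path.split(src_root, 1)[1]  # drop the build-machine prefix
                info["frames"].append((func, rel, int(src.group(2))))
        elif in_stack:
            break  # crashing stack ended; later stacks are thread-creation context
    if info["frames"]:
        func, rel, lineno = info["frames"][0]
        info["bucket"] = f'{info["kind"]}:{info["access"]}:{func}@{rel}:{lineno}'
    return info
```
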

Reference

cwalter-at/freemodbus#43
