
Cueing up a calculator: an introduction to exploit development on Linux

Blog post from GitHub

Post Details
Company: GitHub
Date Published:
Author: Kevin Backhouse
Word Count: 7,685
Language: English
Hacker News Points: -
Summary

The post walks through the exploitation of CVE-2023-43641, a memory corruption vulnerability in the libcue library, and shows how it can be turned into remote code execution (RCE) on Ubuntu 23.04 and Fedora 38. The bug is an out-of-bounds array access in which the attacker controls both the array index and the value written, so it amounts to an out-of-bounds write into process memory rather than a mere crash. It becomes a one-click attack because the GNOME component tracker-miners automatically scans files that land in the Downloads folder and hands .cue files to libcue for parsing; a download triggered by a single click on a malicious web page is therefore enough to reach the vulnerable code. The post is written as an introduction to exploit development for readers who know C but have not built an exploit before. It covers the techniques the exploit relies on: heap manipulation, bypassing mitigations such as ASLR and stack canaries, and reusing gadgets already present in libcue's own code to work around those mitigations. The author's broader point is that developing an exploit is what allows a vulnerability's severity to be assessed accurately and defenses to be improved; in this case the work surfaced a sandbox escape in tracker-extract, which led to stronger sandboxing.
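The bug class the summary describes, an attacker-controlled index and value written into a fixed-size array without a range check, is easy to see in a small C example. The code below is an added illustration, not code from the blog post or from libcue: the struct layout, the MAX_INDEX limit and the function names are constructed for this example, and they do not reproduce libcue's real structures. The unchecked setter is shown beside the hardened version so the missing check is explicit.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical limit for the per-track index table. libcue's real struct
 * and limits are not reproduced here; this example only mirrors the
 * pattern the summary describes: an attacker-controlled index and value
 * written into a fixed-size array without a range check. */
#define MAX_INDEX 99

/* Constructed layout: a pointer-sized field sits directly before the
 * array, so a negative index lands on it. It is declared as long rather
 * than as a pointer only so the demonstration below stays well enough
 * defined for the compiler to preserve the write. */
struct track {
    long neighbor;               /* stands in for a pointer or length field */
    long index[MAX_INDEX + 1];
};

/* Vulnerable pattern: i comes straight from the parsed file and is never
 * range-checked. i < 0 writes before the array, i > MAX_INDEX writes past
 * it, and the caller also controls the value written. */
void track_set_index_unchecked(struct track *trk, int i, long value)
{
    trk->index[i] = value;
}

/* Hardened pattern: refuse anything outside [0, MAX_INDEX] and report it,
 * so the parser can reject the file instead of corrupting memory. */
int track_set_index_checked(struct track *trk, int i, long value)
{
    if (i < 0 || i > MAX_INDEX)
        return -1;
    trk->index[i] = value;
    return 0;
}

/* Returns 1 if writing index -1 through the unchecked setter overwrote the
 * field that precedes the array, i.e. the out-of-bounds write is real. The
 * index goes through a volatile so the compiler cannot fold it away. */
int demo_negative_index_clobbers_neighbor(void)
{
    struct track trk;
    volatile int attacker_index = -1;   /* as if read from a constructed .cue file */
    memset(&trk, 0, sizeof trk);
    trk.neighbor = 0x11111111L;
    track_set_index_unchecked(&trk, attacker_index, 0x41414141L);
    return trk.neighbor == 0x41414141L;
}

/* Returns 1 if the checked setter rejects both out-of-range directions and
 * accepts the full valid range, leaving the neighbor untouched. */
int demo_checked_setter_rejects_out_of_range(void)
{
    struct track trk;
    memset(&trk, 0, sizeof trk);
    trk.neighbor = 0x11111111L;
    if (track_set_index_checked(&trk, -1, 0x41414141L) != -1)
        return 0;
    if (track_set_index_checked(&trk, MAX_INDEX + 1, 0x41414141L) != -1)
        return 0;
    for (int i = 0; i <= MAX_INDEX; i++)
        if (track_set_index_checked(&trk, i, i) != 0)
            return 0;
    return trk.neighbor == 0x11111111L && trk.index[MAX_INDEX] == MAX_INDEX;
}

int main(void)
{
    printf("unchecked setter clobbers neighbor: %d\n",
           demo_negative_index_clobbers_neighbor());
    printf("checked setter rejects out-of-range: %d\n",
           demo_checked_setter_rejects_out_of_range());
    return 0;
}
```

The point of the two setters side by side is that the fix is a single range check, while the consequence of omitting it is a write at an attacker-chosen offset from a heap object with an attacker-chosen value, which is exactly the primitive the post builds its exploit on.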