Ubuntu whoopsie integer overflow vulnerability (CVE-2019-11484)
Blog post from GitHub
In the final installment of a four-part series, Kevin Backhouse discusses the exploitation of a vulnerability in the Ubuntu crash reporting tool "whoopsie", identified as CVE-2019-11484. The vulnerability, an integer overflow leading to a heap buffer overflow, can be exploited by chaining it with another vulnerability to obtain whoopsie's Address Space Layout Randomization (ASLR) offsets, ultimately allowing a shell to be obtained as the whoopsie user. The exploit relies on a flaw in the bson_ensure_space function of an old libbson fork: because of an integer overflow, the function fails to allocate additional memory when it is required. The resulting heap buffer overflow overwrites parts of the memory allocator, the GSlice allocator, enabling the execution of arbitrary code. Despite challenges such as the need for valid UTF-8 strings and the constraints imposed by ASLR, Backhouse devised a method to exploit the vulnerability by redirecting memory allocation to crafted objects, allowing a shell script to be executed. He also shares the insights and learning process from his research, aiming to improve open-source software security by identifying and mitigating vulnerabilities.
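As an added illustration of the bug class summarized above, written for this page and not taken from the libbson fork (the real bson_ensure_space is not shown here): a 32-bit capacity check that wraps for a large request and so reports room the buffer does not have, beside an overflow-safe version that compares against the remaining room and bounds the document size. The names doc_t, MAX_DOC_SIZE and the 256-byte sample buffer are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

#define MAX_DOC_SIZE (16u * 1024u * 1024u)   /* assumed upper bound on a document */

typedef struct {
    uint8_t  *data;   /* heap buffer holding the document */
    uint32_t  len;    /* bytes currently in use */
    uint32_t  cap;    /* bytes allocated */
} doc_t;

/* Vulnerable pattern: len + need is computed in 32 bits and wraps for a
 * large 'need', so the check passes and no memory is allocated. A caller
 * that then writes 'need' bytes overruns the heap buffer. */
static bool ensure_space_unsafe(doc_t *d, uint32_t need) {
    if (d->len + need <= d->cap)        /* wraps modulo 2^32 */
        return true;
    uint32_t ncap = d->len + need;      /* same wrapping arithmetic */
    uint8_t *p = realloc(d->data, ncap);
    if (!p) return false;
    d->data = p; d->cap = ncap;
    return true;
}

/* Hardened version: compare against the remaining room (cap - len cannot
 * wrap because len <= cap), widen before adding, and refuse oversized
 * requests instead of letting them wrap. */
static bool ensure_space_safe(doc_t *d, uint32_t need) {
    if (need <= d->cap - d->len)
        return true;
    uint64_t required = (uint64_t)d->len + need;   /* exact in 64 bits */
    if (required > MAX_DOC_SIZE) return false;
    uint8_t *p = realloc(d->data, (size_t)required);
    if (!p) return false;
    d->data = p; d->cap = (uint32_t)required;
    return true;
}

/* Test harness: returns true when the ensure function claimed success but
 * the buffer still cannot hold 'need' more bytes, i.e. the precondition a
 * following memcpy would rely on is violated. Uses a constructed 256-byte
 * document with 100 bytes in use. */
static bool reports_room_it_lacks(bool (*ensure)(doc_t *, uint32_t), uint32_t need) {
    doc_t d = { malloc(256), 100, 256 };
    bool ok = ensure(&d, need);
    bool lied = ok && (d.cap - d.len) < need;
    free(d.data);
    return lied;
}
```

A static analyzer or code review should flag any `a + b <= cap` size check on fixed-width unsigned values; the safe form is `b <= cap - a` with `a <= cap` established first.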