Merge pull request #127 from kevinbackhouse/SANE_exploit

SANE Backends exploit (CVE-2020-12861)

Author: xcorail

SecurityExploits/SANE/epsonds_CVE-2020-12861/.gitignore

@@ -0,0 +1,2 @@
+fakescanner
+sane_backends_exploit

SecurityExploits/SANE/epsonds_CVE-2020-12861/Makefile

@@ -0,0 +1,10 @@
+all: fakescanner sane_backends_exploit
+
+fakescanner: fakescanner.cpp utils.hpp utils.cpp
+	g++ -Wall -Wextra -O2 fakescanner.cpp utils.cpp -o fakescanner
+
+sane_backends_exploit: sane_backends_exploit.cpp utils.hpp utils.cpp
+	g++ -Wall -Wextra -O2 sane_backends_exploit.cpp utils.cpp -o sane_backends_exploit
+
+clean:
+	rm -f fakescanner sane_backends_exploit

SecurityExploits/SANE/epsonds_CVE-2020-12861/README.md

@@ -0,0 +1,37 @@
+# Vulnerabilities in SANE Backends
+
+This directory contains two proof-of-concept exploits for several vulnerabilities in
+[SANE Backends](https://gitlab.com/sane-project/backends).
+
+The first PoC, [fakescanner.cpp](fakescanner.cpp),
+is an enumeration of the different vulnerabilities listed in the
+[bug report](https://gitlab.com/sane-project/backends/-/issues/279).
+Run it like this:
+
+```bash
+make
+./fakescanner epson 0
+```
+
+(There are different command-line options for triggering different bugs.)
+On a different computer, start
+[Simple Scan](https://packages.ubuntu.com/bionic/simple-scan).
+
+The second PoC, [sane_backends_exploit.cpp](sane_backends_exploit.cpp),
+is a more elaborate exploit which uses a subset of the vulnerabilities
+to pop a calculator.
+It is designed to target
+[Simple Scan](https://packages.ubuntu.com/bionic/simple-scan)
+on
+[Ubuntu 18.04 LTS](https://releases.ubuntu.com/bionic/).
+It will not work on more recent Ubuntu versions due to the glibc version
+being different.
+Run it like this:
+
+```bash
+make
+./sane_backends_exploit
+```
+
+On a different computer, start
+[Simple Scan](https://packages.ubuntu.com/bionic/simple-scan).