关联漏洞
标题:
HP CIFSLogin本地缓冲区溢出漏洞
(CVE-2002-0991)
描述:Sharity是一款运行在UNIX系统上允许用户导出共享到其他系统的程序。HP CIFS/9000系统下的Sharity工具存在漏洞。 Sharity中的/opt/cifsclient/bin/cifslogin多个参数对用户提交的输入缺少正确边界检查,本地攻击者可以利用这个漏洞进行缓冲区溢出攻击。 /opt/cifsclient/bin/cifslogin程序中的多个参数选项如:'-U'、'-D'、 '-P'、'-S'、'-N'和'-u'在处理用户提交的输入时缺少正确的检查,攻击者可以提交超长的数据给上
描述
Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier
介绍
# CVE-2002-0991
Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier
Exploit-db publication at https://www.exploit-db.com/exploits/21577/<br>
Packetstorm publication at https://packetstormsecurity.com/files/26303/cifslogin.txt.html</br>
SecurityFocus publication at https://www.securityfocus.com/bid/5088</br>
# Author
Alex Hernandez aka <em><a href="https://twitter.com/_alt3kx_" rel="nofollow">(@\_alt3kx\_)</a></em>
# The exploit was written by watercloud:
Author references here: https://www.exploit-db.com/author/?a=97
# HP Solution/fixes and credits:
HP is aware of the vulnerability and has strongly suggested applying the following patches:
Upgrade to A.01.06, and then install patch PHNE_24164 for
HP-UX release 11.00 or 11.11.
CIFS/9000 Client version A.01.07 includes this fix.<br>
HP CIFS/9000 Server A.01.05<br>
HP Product B8724AA<br>
CIFS/9000 Client version A.01.07<br>
http://www.software.hp.com
HP CIFS/9000 Server A.01.06<br>
HP PHNE_24164<br>
http://itrc.hp.com
HP Product B8724AA<>br
CIFS/9000 Client version A.01.07<br>
http://www.software.hp.com
文件快照
[4.0K] /data/pocs/143078f9163fa3b0b64423d633f916df5e6d8b43
├── [ 18K] CVE-2002-0991.txt
├── [1.9K] ex_cifslogin.c
├── [ 34K] LICENSE
└── [1.1K] README.md
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。