PoC details: 3caf727b6dbaf19a003aa70170e0800cd89c1353

Source
Related vulnerability
Title: HexChat buffer error vulnerability (CVE-2016-2233)
Description: HexChat (formerly XChat-WDK) is a cross-platform IRC (Internet Relay Chat, a form of real-time chat over a network) client. The inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 has a stack-based buffer overflow. An attacker operating the server side can exploit this vulnerability to cause a denial of service (crash).
Description
This is an exploitation guide for CVE-2016-2233
Introduction
# CVE-2016-2233

CVE-2016-2233 is a stack-based buffer overflow vulnerability in HexChat, a widely used IRC client. We build an IRC server and launch the attack from it to make every client connected to the server crash. We carried out the attack on Ubuntu 12.04 using Python. We wrote a patch that fixes the vulnerability and verified that it works with various tests.

## How to install Hexchat
System Environment: Ubuntu 12.04 (SEED)

Python Version: 2.7.12

To set up the dependencies, the following command should be executed:

````bash
sudo apt-get install gnome-common
sudo apt-get install libglib2.0-dev
sudo apt-get update
sudo apt-get install libgtk2.0-dev
````

Then extract the hexchat-2.10.2 archive and enter the folder. Build and install the software using the following commands:
````bash
./autogen.sh
./configure
make
sudo make install
````
## How to Setup IRCD-IRC2 on Server

The following command installs ircd-irc2:
````bash
sudo apt install ircd-irc2
````
After the server is installed, use the following two commands to restart NetworkManager and start the service:
````bash
sudo systemctl restart NetworkManager
sudo systemctl restart ircd-irc2
````

## How to Connect to Server

1. Find HexChat and double click to open
2. Set up nicknames
3. Press “Add” to add a network server
4. Name the server as “CVE Server” and press enter to confirm
5. Then press “Edit” to set up details such as IP address and Port number of the server
6. Edit the server in the pop-up window. 
7. Set the IP address to 10.0.2.6, and use default port 6667
8. Press “Connect” and enter a random name for the channel name
9. Repeat these steps for the other client and both clients should be in the same channel


## How to Exploit Attack

The exploit is run on the server: the attacker takes over the port that IRC uses, listens on it, and sends spoofed packets with a large payload that overflows the buffer on the client side and makes the clients crash.

1. The client makes a connection to the server.
2. Stop the IRC service, and restart NetworkManager to enable the change:
````bash
sudo systemctl kill ircd-irc2
sudo systemctl restart NetworkManager
````
3. Run the attack.py program on the server.


## How to patch

Replace the inbound.c file with the patched version and rebuild and reinstall the software using the following commands:
````bash
./autogen.sh
./configure
make
sudo make install
````
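The patched inbound.c is shipped as a file and the fix itself is not shown on this page. As an added illustration of the defensive pattern such a fix relies on (this is not HexChat's code or its patch; the function names, the 256-byte buffer size and the sample inputs are assumptions constructed for the example), here is a CAP LS token accumulator that checks the remaining space before every copy and rejects a server-supplied list that would not fit, instead of writing past the end of the stack buffer:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example of the bounds-checking pattern a CAP LS handler needs.
 * This is not HexChat's code or its patch; the names and the 256-byte
 * size are assumptions chosen for illustration. */
#define CAP_BUF_SIZE 256

/* Append one capability token plus a trailing space to a NUL-terminated
 * buffer of capacity cap. Returns false (buffer untouched) if the token
 * would not fit, instead of writing past the end. */
static bool cap_append(char *buf, size_t cap, const char *tok, size_t len)
{
    size_t used = strlen(buf);          /* used < cap: buf is NUL-terminated */
    if (len + 2 > cap - used)           /* token + ' ' + NUL must fit */
        return false;
    memcpy(buf + used, tok, len);
    buf[used + len] = ' ';
    buf[used + len + 1] = '\0';
    return true;
}

/* Walk a space-separated capability list (the payload of a CAP LS reply)
 * and collect the tokens into out. Returns the number of tokens kept, or
 * -1 when the list is too long for the buffer; a server-controlled list
 * of any length therefore cannot overflow out. */
int parse_cap_ls(const char *caps, char *out, size_t cap)
{
    int n = 0;
    out[0] = '\0';
    for (const char *p = caps; *p; ) {
        while (*p == ' ') p++;          /* skip separators */
        if (!*p) break;
        const char *start = p;
        while (*p && *p != ' ') p++;    /* end of this token */
        if (!cap_append(out, cap, start, (size_t)(p - start)))
            return -1;
        n++;
    }
    return n;
}

/* Constructed benign reply: two ordinary capabilities. */
int demo_normal(void)
{
    char buf[CAP_BUF_SIZE];
    return parse_cap_ls("multi-prefix sasl", buf, sizeof buf);
}

/* Constructed hostile reply: one token far longer than the buffer.
 * An unchecked strcat/strcpy would smash the stack here; the bounded
 * parser reports -1 and leaves buf intact. */
int demo_oversized(void)
{
    char big[4 * CAP_BUF_SIZE];
    char buf[CAP_BUF_SIZE];
    memset(big, 'a', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return parse_cap_ls(big, buf, sizeof buf);
}

int main(void)
{
    printf("normal: %d tokens\n", demo_normal());
    printf("oversized: %d (rejected)\n", demo_oversized());
    return 0;
}
```

The important property is that the length check happens before each copy and accounts for the separator and the terminating NUL; returning an error and dropping the reply is the safe response to input the fixed buffer cannot hold.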



File snapshot

[4.0K] /data/pocs/3caf727b6dbaf19a003aa70170e0800cd89c1353
├── [2.3K] attack.py
├── [2.6M] hexchat-2.10.2.tar.gz
├── [ 42K] inbound.c
└── [2.3K] README.md

0 directories, 4 files