Related vulnerability
Title:
FreeBSD 'telnetd' buffer error vulnerability
(CVE-2011-4862)
Description: FreeBSD is a free Unix-like operating system developed by the FreeBSD Project under its Core Team; it is an important Unix-like branch that evolved from BSD, 386BSD and 4.4BSD. A buffer overflow vulnerability exists in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications 1.0.2 and earlier, and Heimdal 1.5.1 and earlier. A remote attacker can execute arbitrary code via an overly long encryption key.
Introduction
# cve-2011-4862
I originally tried to use diff to make a patch. I patched it the way I thought it would be, before looking at the real patch. encrypt.patch is this original patch that I made with the diff.

However, when we tried applying this patch to FreeBSD, it would not accept it. Instead, we had to fetch the real patch. I then changed the patch to implement the fix the way I originally thought it should. This works because it puts the whole path into the patch.

In the patch, we simply check the length compared to MAXLENGTH. If it's bigger than that, set it to 0. This way, it falls into the case of len = 0, which errors out. This fixes it :-)

Here is an explanation of how to apply a patch in FreeBSD:
https://www.freebsd.org/security/advisories/FreeBSD-SA-11:08.telnetd.asc

Simply use this patch instead of fetching the real one. It will work, and you will no longer be able to exploit the buffer overflow.
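A constructed C model of the length check described above, added here as an example; it is not the libtelnet/encrypt.c source or the repository's patch, and the MAXLENGTH value, the struct and the function names are assumptions chosen to illustrate the fix.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not libtelnet/encrypt.c: the buffer size is assumed. */
#define MAXLENGTH 64

struct keyid_buf {
    unsigned char keyid[MAXLENGTH];   /* fixed-size key id storage */
    int keylen;
};

/* Store a key id of `len` bytes received from the peer; 0 = stored, -1 = rejected.
 * The patched check forces an oversized length to 0, so the request falls into
 * the existing len == 0 error path instead of letting memcpy() run past keyid[]. */
int encrypt_keyid_model(struct keyid_buf *kb, const unsigned char *data, int len)
{
    if (len > MAXLENGTH)       /* the added bound check */
        len = 0;
    if (len == 0) {            /* pre-existing error path */
        kb->keylen = 0;
        return -1;
    }
    memcpy(kb->keyid, data, (size_t)len);   /* bounded: len <= MAXLENGTH */
    kb->keylen = len;
    return 0;
}

/* Feed a constructed key id of the given length and report the result. */
int try_keyid_len(int len)
{
    static unsigned char data[1024];   /* constructed sample, filled with 'A' */
    struct keyid_buf kb = {{0}, 0};
    if (len < 0 || len > (int)sizeof data)
        return -1;
    memset(data, 'A', sizeof data);
    return encrypt_keyid_model(&kb, data, len);
}

int main(void)
{
    printf("len 64  -> %d (stored)\n", try_keyid_len(64));
    printf("len 300 -> %d (rejected)\n", try_keyid_len(300));
    return 0;
}
```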
File snapshot
[4.0K] /data/pocs/7964a78cff32c3ec87051dec05229cd70225a228
├── [ 394] encrypt.patch
├── [ 924] README.md
└── [ 835] telnetd.patch
0 directories, 3 files
Notes
1. It is recommended to access the original source first.
2. If the source is no longer available or cannot be reached, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.