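PoC details: c16a0862ba691ae79d6d1629804174e047c9bbde

Source
Related vulnerability
Title: glibc buffer error vulnerability (CVE-2023-4911)
Description: glibc (GNU C Library) is the C standard library implemented by the GNU Project. glibc contains a buffer error vulnerability that stems from a buffer overflow in the dynamic loader ld.so.
Introduction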
# PoC of CVE-2023-4911 "Looney Tunables"

This is a PoC of CVE-2023-4911 (a.k.a. "Looney Tunables") exploiting a bug in glibc dynamic loader's `GLIBC_TUNABLES` environment variable parsing function `parse_tunables()`.

Code has been tested on Ubuntu 22.04.3 with glibc version `2.35-0ubuntu3.3`. No attempts have been made to generalize the PoC (read: "Works On My Machine"), so your mileage may vary.

As always, big kudos to the [Qualys Threat Research Unit](https://www.qualys.com/tru/) for the discovery of the vulnerability and for the [very detailed writeup](https://seclists.org/oss-sec/2023/q4/18).

-----

Written by [Xion](https://twitter.com/0x10n) of [KAIST Hacking Lab](https://kaist-hacking.github.io/)
File snapshot

[4.0K] /data/pocs/c16a0862ba691ae79d6d1629804174e047c9bbde
├── [3.8K] exp.c
├── [ 390] gen_libc.py
├── [ 179] Makefile
└── [ 717] README.md

0 directories, 4 files