Related vulnerability
Title:
FreeBSD 'telnetd' buffer error vulnerability
(CVE-2011-4862)
Description: FreeBSD is a Unix-like free operating system produced by the FreeBSD Project under its Core Team; it is an important Unix-like branch descended from BSD, 386BSD and 4.4BSD. A buffer overflow vulnerability exists in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications 1.0.2 and earlier, and Heimdal 1.5.1 and earlier. A remote attacker can execute arbitrary code by means of an overly long encryption key.
Description
Final Project for Security and Privacy CS 600.443
Introduction
# CVE-2011-4862
Final Project for Security and Privacy CS 600.443 | Fall 2018
I originally tried to use diff to make a patch. I patched it the way I thought it would be, before looking at the real patch. encrypt.patch is this original patch that I made with the diff. However, when we tried applying this patch to FreeBSD, it would not accept it.
Instead, I had to fetch the real patch. I then changed the patch to implement the fix the way I originally thought it should. This works because it puts the whole path into the patch.
In the patch, I simply check the length compared to MAXLENGTH. If it's bigger than that, set it to 0. This way, it falls into the case of len = 0, which errors out. This fixes it!
Here is an explanation of how to apply a patch in FreeBSD. https://www.freebsd.org/security/advisories/FreeBSD-SA-11:08.telnetd.asc Simply use this patch instead of fetching the real one. It will work, and you will no longer be able to exploit the buffer overflow.
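The length check described above, as an added illustration that is not the project's patch.c and not FreeBSD's libtelnet code: the constant MAXKEYLEN, the struct keyid_state type and the store_keyid_* function names are assumptions chosen for the example. The unchecked form shows the defect pattern (a peer-supplied length used for the copy with only a len == 0 check); the checked form folds an oversized length into that existing error path, which is the README's approach.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative constant and type only; they stand in for the fixed-size
   key-id storage in libtelnet/encrypt.c and are not copied from FreeBSD. */
#define MAXKEYLEN 64

struct keyid_state {
    unsigned char keyid[MAXKEYLEN];
    int keylen;
};

/* Pattern of the original defect: len comes straight from the peer's
   subnegotiation and bounds the copy with no upper limit. Kept only for
   comparison; it must never be called with len > MAXKEYLEN. */
int store_keyid_unchecked(struct keyid_state *st, const unsigned char *data, int len)
{
    if (len == 0)
        return -1;                        /* the only pre-existing error path */
    memcpy(st->keyid, data, (size_t)len); /* overflows keyid when len > MAXKEYLEN */
    st->keylen = len;
    return 0;
}

/* Hardened form following the README: an oversized length is set to 0 so it
   falls into the existing "empty key id" error case and nothing is copied.
   Negative lengths are rejected by the same test (cast to size_t they would
   be huge). Returns 0 on success, -1 when the key id is rejected. */
int store_keyid_checked(struct keyid_state *st, const unsigned char *data, int len)
{
    if (len > MAXKEYLEN)
        len = 0;
    if (len <= 0) {
        st->keylen = 0;
        return -1;
    }
    memcpy(st->keyid, data, (size_t)len);
    st->keylen = len;
    return 0;
}

/* Constructed input for a stand-alone run: a buffer of 'A' bytes from which a
   key id of the requested length is presented to the checked handler. */
int demo_checked(int len)
{
    static unsigned char payload[MAXKEYLEN * 4];
    struct keyid_state st;

    memset(payload, 'A', sizeof payload);
    if (len > (int)sizeof payload)        /* keep the demo's own copy in bounds */
        len = (int)sizeof payload;
    return store_keyid_checked(&st, payload, len);
}

int main(void)
{
    printf("len=%d -> %d (accepted)\n", 16, demo_checked(16));
    printf("len=%d -> %d (accepted, exactly MAXKEYLEN)\n", MAXKEYLEN, demo_checked(MAXKEYLEN));
    printf("len=%d -> %d (rejected, oversized)\n", MAXKEYLEN + 1, demo_checked(MAXKEYLEN + 1));
    printf("len=%d -> %d (rejected, empty)\n", 0, demo_checked(0));
    return 0;
}
```

The point to take from the checked form is that the rejection happens before any copy, so the buffer size is enforced by the handler regardless of what the remote side claims in the subnegotiation length.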
File snapshot
[4.0K] /data/pocs/e8f1d04698473b14e24a1fa78cd59b4845191746
├── [ 713] patch.c
└── [ 980] README.md
0 directories, 2 files
Notes
1. It is recommended to access the original source first.
2. If the source has gone offline or cannot be reached, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.