Related vulnerability
Title: Samba server call_trans2open remote buffer overflow vulnerability (CVE-2003-0201)
Description: Samba is a suite of programs that implements the SMB (Server Message Block) protocol to provide cross-platform file and print sharing services. Samba-TNG is a derivative of Samba. Because Samba fails to properly bounds-check external input, a remote attacker can exploit this vulnerability to execute arbitrary commands on the system with root privileges. The problem lies in the call_trans2open() function in smbd/trans2.c, which calls: StrnCpy(fname,pname,namelen); /* Line 252 of smbd/trans2.c */ StrnCp
Description
Samba exploit CVE2003-0201
Introduction
Samba versions 2.2.0 to 2.2.8
==============================
This exploits the buffer overflow found in Samba versions
2.2.0 to 2.2.8. This particular module is capable of
exploiting the flaw on x86 Linux systems that do not
have the noexec stack option set.
NOTE: Some older versions of RedHat do not seem to be vulnerable
since they apparently do not allow anonymous access to IPC.
CVE
===
- CVE-2003-0201
- OSVDB-4469
- BID-7294
Compile
=======
gcc trans2open.c -o trans2open
Metasploit
==========
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/samba/trans2open.rb
File snapshot
[4.0K] /data/pocs/20b581b0f51765d60c4316d3906869c06b0ee1c3
├── [ 611] README.md
└── [ 22K] trans2open.c
0 directories, 2 files
Notes
1. It is recommended to access the PoC through the original source first.
2. If the source has gone offline or cannot be reached, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.