Related vulnerability
Title: VMware ESXi buffer error vulnerability (CVE-2021-21974)
Description: VMware ESXi is a server virtualization platform from VMware (USA) that installs directly on physical servers. ESXi contains a security vulnerability: a malicious actor on the same network segment who can reach port 427 can achieve remote code execution. The following products and versions are affected: 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG.
Description
CVE-2021-21974 Vulnerability Detection Tool: a safe PoC that identifies vulnerable SLP implementations without exploitation
Introduction
# CVE-2021-21974 Vulnerability Detector
A Python-based security tool for detecting CVE-2021-21974 vulnerability in SLP (Service Location Protocol) implementations, specifically targeting VMware ESXi systems. This tool performs safe, non-exploitative detection by analyzing SLP service responses and implementation behaviors.
## Description
CVE-2021-21974 is a critical heap-overflow vulnerability in the SLP service of VMware ESXi that can lead to remote code execution. This detector tool safely identifies potentially vulnerable systems by:
- Testing SLP service availability and responsiveness
- Fingerprinting SLP implementation versions
- Analyzing boundary condition handling
- Testing malformed packet responses
- Assessing vulnerability likelihood based on implementation characteristics
The tool is designed as a **safe proof-of-concept** that identifies vulnerable systems without performing actual exploitation.
## Features
- **Non-destructive scanning**: Safe detection without exploitation attempts
- **SLP service fingerprinting**: Identifies VMware ESXi implementations
- **Boundary condition testing**: Tests parsing limits without triggering overflows
- **Malformed packet analysis**: Evaluates error handling capabilities
- **Comprehensive reporting**: Detailed scan results with timestamps
- **Timeout handling**: Prevents hanging on unresponsive services
- **Connection management**: Proper socket handling and cleanup
## Requirements
- Python 3.x
- Standard Python libraries:
  - `socket`
  - `struct`
  - `sys`
  - `time`
  - `datetime`
## Installation
1. Clone or download the script (with `wget` or `curl`):
   ```bash
   wget https://example.com/CVE-2021-21974_detector.py
   curl -O https://example.com/CVE-2021-21974_detector.py
   ```
2. Make the script executable:
   ```bash
   chmod +x CVE-2021-21974_detector.py
   ```
3. Verify that Python 3 is installed:
   ```bash
   python3 --version
   ```
## Usage
### Basic Usage
Run the detector against a target IP address:
```bash
python3 CVE-2021-21974_detector.py <IP>
```
### Configuration
The tool uses the following default settings, which can be modified in the source code:
- Default SLP port: 427 (TCP)
- Connection timeout: 5 seconds for the initial connection, 3 seconds for boundary tests
- Response timeout: 2 seconds for malformed packet tests
- Buffer size: 1024 bytes for response reception
### Customizing Parameters
To modify the default settings, edit the `SLPVulnDetector` class initialization:
```python
# Change default port
detector = SLPVulnDetector(target_ip, port=427)

# Modify timeouts in respective methods
sock.settimeout(10)  # Increase timeout to 10 seconds
```
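As an added example (not code from the detector in this repository), this is the SLP service-request exchange that the availability and fingerprinting steps above rely on, written as a plain encoder/parser for RFC 2608 messages so that exposed port 427 listeners can be inventoried from a defender's side. `build_sample_srvrply` and the host name `esxi.example.test` are constructed for offline testing; `probe_slp` is the only part that touches the network, and it sends nothing beyond one standard SrvRqst.

```python
import socket
import struct

SLP_PORT, SLP_VERSION, FN_SRVRQST, FN_SRVRPLY = 427, 2, 1, 2

def _header(func: int, body: bytes, xid: int = 1, lang: bytes = b"en") -> bytes:
    """SLPv2 common header (RFC 2608 s.8): ver, func, len(3), flags, ext(3), xid, lang."""
    length = 14 + len(lang) + len(body)
    return (bytes([SLP_VERSION, func]) + length.to_bytes(3, "big") + struct.pack("!H", 0)
            + (0).to_bytes(3, "big") + struct.pack("!HH", xid, len(lang)) + lang + body)

def build_srvrqst(service_type: str, scope: str = "DEFAULT") -> bytes:
    """Encode a Service Request: empty PRList, type, scope, empty predicate and SPI."""
    fields = ["", service_type, scope, "", ""]
    body = b"".join(struct.pack("!H", len(f)) + f.encode() for f in fields)
    return _header(FN_SRVRQST, body)

def build_sample_srvrply(url: str) -> bytes:
    """Constructed Service Reply with one URL entry; only used for offline testing."""
    entry = b"\x00" + struct.pack("!HH", 65535, len(url)) + url.encode() + b"\x00"
    return _header(FN_SRVRPLY, struct.pack("!HH", 0, 1) + entry)

def parse_srvrply(data: bytes) -> dict:
    """Decode header, error code and URL entries, rejecting inconsistent packets."""
    if len(data) < 14 or data[0] != SLP_VERSION or data[1] != FN_SRVRPLY:
        raise ValueError("not an SLPv2 SrvRply")
    if int.from_bytes(data[2:5], "big") != len(data):
        raise ValueError("length field disagrees with received size")
    xid, lang_len = struct.unpack("!HH", data[10:14])
    pos = 14 + lang_len
    error, count = struct.unpack("!HH", data[pos:pos + 4])
    pos, urls = pos + 4, []
    for _ in range(count):
        # URL entry: reserved(1) lifetime(2) url_len(2) url auth_count(1) [auth blocks]
        url_len = struct.unpack("!H", data[pos + 3:pos + 5])[0]
        url = data[pos + 5:pos + 5 + url_len]
        pos += 5 + url_len
        if len(url) != url_len or pos >= len(data):
            raise ValueError("truncated URL entry")
        auth_count, pos = data[pos], pos + 1
        for _ in range(auth_count):              # skip auth block: bsd(2) length(2) ...
            pos += struct.unpack("!H", data[pos + 2:pos + 4])[0]
        urls.append(url.decode(errors="replace"))
    return {"xid": xid, "error": error, "urls": urls}

def probe_slp(host: str, timeout: float = 3.0) -> dict:
    """Network side: one SrvRqst over TCP/427, the reply parsed by parse_srvrply."""
    with socket.create_connection((host, SLP_PORT), timeout=timeout) as sock:
        sock.sendall(build_srvrqst("service:service-agent"))
        return parse_srvrply(sock.recv(1024))
```

A host that answers with a non-zero `error` or no URL entries still has slpd listening, which is what matters for the affected versions listed above.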
File snapshot
[4.0K] /data/pocs/3ee1777088c210b227200bd34f52b2c2abb84ee5
├── [9.5K] CVE-2021-21974_detector.py
└── [2.5K] README.md
0 directories, 2 files
Notes
1. It is recommended to access the PoC through its original source first.
2. If the source is unavailable or inaccessible, email f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.