CVE-2019-15846 PoC — Exim 缓冲区错误漏洞

Source

https://github.com/synacktiv/Exim-CVE-2019-15846

Associated Vulnerability

Title:Exim 缓冲区错误漏洞 (CVE-2019-15846)
Description:Exim是一个运行于Unix系统中的开源消息传送代理（MTA），它主要负责邮件的路由、转发和投递。 Exim 4.92.2之前版本中存在缓冲区错误漏洞。远程攻击者可利用该漏洞以root用户身份执行任意代码。

Description

PoC materials to exploit CVE-2019-15846

Readme

Exim CVE-2019-15846
===================

PoC materials to exploit CVE-2019-15846. Blogpost explaining the PoC is
available on
[Synacktiv Blog](https://www.synacktiv.com/posts/exploit/scraps-of-notes-on-exploiting-exim-vulnerabilities.html).

This PoC help generate spool files used exploit a heap overflow in exim.

Two example spool files are given in [1i7Jgy-0002dD-Pb-D](1i7Jgy-0002dD-Pb-D)
and [1i7Jgy-0002dD-Pb-H](1i7Jgy-0002dD-Pb-H).

A specialy crafted spool header file can be generated with
[exgen.py](exgen.py).

File Snapshot


 [4.0K]  /data/pocs/4fdf469003c36bf0c0a7a23a9a715b00e2e18f60
├── [  88]  1i7Jgy-0002dD-Pb-D
├── [1.8K]  1i7Jgy-0002dD-Pb-H
├── [ 15K]  exgen.py
└── [ 522]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!