CVE-2019-12594 PoC — DOSBox 访问控制错误漏洞

Source

https://github.com/Alexandre-Bartel/CVE-2019-12594

Associated Vulnerability

Title:DOSBox 访问控制错误漏洞 (CVE-2019-12594)
Description:DOSBox是一款基于SDL库的DOS模拟器。 DOSBox 0.74-2版本中存在访问控制错误漏洞。该漏洞源于网络系统或产品未正确限制来自未授权角色的资源访问。

Description

This is a PoC for CVE-2019-12594, a vulnerability in DOSBox 0.74-2.

Readme

# CVE-2019-12594
  
This is a PoC for [CVE-2019-12594](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12594), a vulnerability in [DOSBox](https://www.dosbox.com/) 0.74-2. 

---

<figure>
  <img src="https://github.com/Alexandre-Bartel/CVE-2019-12594/blob/master/calc.jpg" width="800">
  <figcaption>Launching a calculator on the host from DosBox 0.74-2</figcaption>
<figure>

---

The PoC for this vulnerability has been tested with the following configuration:

* [DOSBox](https://www.dosbox.com/) 0.74-2
* Debian 10 (amd64)
* Libc6 2.28-10

File Snapshot


 [4.0K]  /data/pocs/605107ec52a4bb3f5ecb2980c8fbbe2d83d9aca0
├── [215K]  calc.jpg
├── [  39]  make_mem.bat
├── [ 11K]  mem.c
└── [ 551]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!