CVE-2019-0053 PoC — Juniper Networks Junos OS 缓冲区错误漏洞

Source

https://github.com/dreamsmasher/inetutils-CVE-2019-0053-Patched-PKGBUILD

Associated Vulnerability

Title:Juniper Networks Junos OS 缓冲区错误漏洞 (CVE-2019-0053)
Description:Juniper Networks Junos OS是美国瞻博网络（Juniper Networks）公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Networks Junos OS中存在缓冲区错误漏洞，该漏洞源于程序没有充分验证环境变量。攻击者可利用该漏洞绕过veriexec限制。以下产品及版本受到影响：Juniper Networks Junos OS 12.3版本，12.3X48版本，14.1X53版本，15.1版本，15.1X49

Description

A patched Arch Linux PKGBUILD to address CVE-2019-0053 (buffer overflow). Downloads and applies a (currently) unreleased patch from upstream.

Readme

inetutils hasn't been updated in 5 years, and neither has the official Arch package. A patch has been released that addresses CVE-2019-0053 (buffer overflow exploit from the use of sprintf instead of snprintf), but there's no official release in sight.

Honestly, there's a lot more wrong with using telnet than just buffer exploits, but this was a high urgency issue that took 10 minutes to address. Waiting on a response from the official maintainers right now, but this repo will do for the meantime.

File Snapshot


 [4.0K]  /data/pocs/673d8f6e251c7c799b81cf471b9548401a480f54
├── [5.1K]  0001-telnetd-Fix-buffer-overflows.patch
├── [2.6K]  0037-telnet-Validate-supplied-environment-variables.-CVE-.patch
├── [ 371]  inetutils.install
├── [ 15K]  PKGBUILD
├── [ 504]  README.md
└── [ 127]  telnetd.pam

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!