CVE-2015-0235 PoC — GNU glibc 基于堆的缓冲区错误漏洞

Source

https://github.com/favoretti/lenny-libc6

Associated Vulnerability

Title:GNU glibc 基于堆的缓冲区错误漏洞 (CVE-2015-0235)
Description:GNU glibc（又名GNU C Library，libc6）是一种按照LGPL许可协议发布的开源免费的C语言编译程序。 GNU glibc 2.2版本和2.18之前2.x版本中的‘__nss_hostname_digits_dots’函数存在基于堆的缓冲区溢出漏洞。本地和远程攻击者都可通过调用‘ gethostbyname*()’函数利用该漏洞以运行应用程序的用户权限执行任意代码，控制系统。

Description

CVE-2015-0235 patches lenny libc6 packages for amd64

Readme

# lenny-libc6

File Snapshot


 [4.0K]  /data/pocs/6c9059295b24b2d8bef77b9f6c11a7d748556d8c
├── [ 32M]  glibc_2.7-18lenny7.1_amd64.build
├── [9.1K]  glibc_2.7-18lenny7.1_amd64.changes
├── [735K]  glibc_2.7-18lenny7.1.diff.gz
├── [2.3K]  glibc_2.7-18lenny7.1.dsc
├── [736K]  glibc_2.7-18lenny7.diff.gz
├── [2.8K]  glibc_2.7-18lenny7.dsc
├── [ 15M]  glibc_2.7.orig.tar.gz
├── [1.6M]  glibc-doc_2.7-18lenny7.1_all.deb
├── [ 15M]  glibc-source_2.7-18lenny7.1_all.deb
├── [4.7M]  libc6_2.7-18lenny7.1_amd64.deb
├── [5.1M]  libc6-dbg_2.7-18lenny7.1_amd64.deb
├── [2.4M]  libc6-dev_2.7-18lenny7.1_amd64.deb
├── [1.4M]  libc6-dev-i386_2.7-18lenny7.1_amd64.deb
├── [3.6M]  libc6-i386_2.7-18lenny7.1_amd64.deb
├── [1.4M]  libc6-pic_2.7-18lenny7.1_amd64.deb
├── [1.8M]  libc6-prof_2.7-18lenny7.1_amd64.deb
├── [1.1M]  libc6-udeb_2.7-18lenny7.1_amd64.udeb
├── [9.2K]  libnss-dns-udeb_2.7-18lenny7.1_amd64.udeb
├── [ 18K]  libnss-files-udeb_2.7-18lenny7.1_amd64.udeb
├── [4.3M]  locales_2.7-18lenny7.1_all.deb
├── [2.6M]  locales-all_2.7-18lenny7.1_amd64.deb
├── [171K]  nscd_2.7-18lenny7.1_amd64.deb
└── [  14]  README.md

0 directories, 23 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!