
CVE-2017-9430 PoC — dnstracer buffer error vulnerability

Source
Associated Vulnerability
Title: dnstracer buffer error vulnerability (CVE-2017-9430)
Description: dnstracer is a program for tracing the DNS resolution process. dnstracer 1.9 and earlier contain a stack-based buffer overflow. An attacker can trigger it with a command line carrying an overly long argument, causing a denial of service (application crash).
Description
CVE-2017-9430 Fix
Readme
# Dnstracer-1.9-Fix
### dnstracer
dnstracer determines where a given Domain Name Server (DNS) gets its information from for a given hostname, and follows the chain of DNS servers back to the authoritative answer.

### Problem
Stack-based buffer overflow in dnstracer through 1.9 allows attackers to execute arbitrary code via a command line with a long name argument that is mishandled in a strcpy call for argv[0].

```c
/*dnstracer_broken.h*/
#define NS_MAXDNAME	1024

/*dnstracer.c*/
strcpy(argv0, argv[0]);
```

### Fix
Reject argv[0] when its length is NS_MAXDNAME (1024) bytes or more, before it is copied into the fixed-size argv0 buffer; the `>=` comparison keeps one byte free for the terminating NUL.

```c
/*CVE-2017-9430 Fix: length check before the strcpy into argv0;
  >= NS_MAXDNAME leaves room for the terminating NUL*/
if(strlen(argv[0]) >= NS_MAXDNAME)
{
    free(server_ip);
    free(server_name);
    fprintf(stderr, "dnstracer: argument is too long %s\n", argv[0]);
    return 1;
}
```
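The following is an added, self-contained example (not code from the dnstracer project) that shows the same bounded copy as a reusable function: the `strcpy` from the broken version is replaced by a length check followed by a `memcpy`, so an argument that would not fit in the NS_MAXDNAME buffer is refused instead of overflowing the stack. The names `copy_argv0`, `check_argv0` and `probe_length` are assumptions for this demonstration; only `NS_MAXDNAME` and the error message come from the page.

```c
/* Added example, not part of dnstracer: bounded copy of argv[0] that
 * mirrors the CVE-2017-9430 fix. copy_argv0, check_argv0 and
 * probe_length are names assumed for this demonstration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NS_MAXDNAME 1024        /* same limit as dnstracer_broken.h */

/* Copy src into dst (dst_size bytes) the way the patched dnstracer does:
 * refuse any string whose length leaves no room for the NUL terminator.
 * Returns 0 on success, -1 if the argument is too long. */
int copy_argv0(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (len >= dst_size) {
        return -1;              /* same test as: strlen(argv[0]) >= NS_MAXDNAME */
    }
    memcpy(dst, src, len + 1);  /* length verified, NUL byte included */
    return 0;
}

/* Convenience wrapper over a fixed NS_MAXDNAME-sized stack buffer,
 * the shape of the argv0 array in dnstracer. */
int check_argv0(const char *src)
{
    char argv0[NS_MAXDNAME];
    return copy_argv0(argv0, sizeof argv0, src);
}

/* Build a constructed argument of n 'a' bytes and report whether the
 * bounded copy accepts (0) or rejects (-1) it; -2 on allocation failure. */
int probe_length(size_t n)
{
    char *arg = malloc(n + 1);
    int rc;
    if (arg == NULL) {
        return -2;
    }
    memset(arg, 'a', n);
    arg[n] = '\0';
    rc = check_argv0(arg);
    free(arg);
    return rc;
}

int main(int argc, char **argv)
{
    char argv0[NS_MAXDNAME];
    const char *name = argc > 0 ? argv[0] : "dnstracer";

    if (copy_argv0(argv0, sizeof argv0, name) != 0) {
        fprintf(stderr, "dnstracer: argument is too long %s\n", name);
        return 1;
    }
    printf("argv0 = %s\n", argv0);

    /* Boundary demonstration: 1023 bytes fit, 1024 bytes do not. */
    printf("1023 bytes -> %d, 1024 bytes -> %d\n",
           probe_length(NS_MAXDNAME - 1), probe_length(NS_MAXDNAME));
    return 0;
}
```

The boundary matters: a 1024-byte buffer can hold at most 1023 characters plus the NUL, so the check must be `>=`, not `>`; `probe_length` makes that edge visible by feeding constructed arguments of exactly 1023 and 1024 bytes.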
File Snapshot

```
[4.0K] /data/pocs/ba0c8ac115b1795a61f60120479e76ba94fe89cb
├── [ 19K] aclocal.m4
├── [4.0K] autom4te.cache
│   ├── [144K] output.0
│   ├── [4.0K] requests
│   └── [ 13K] traces.0
├── [ 0] autoscan.log
├── [3.2K] CHANGES
├── [ 38K] config.guess
├── [3.1K] config.h.in
├── [ 28K] config.sub
├── [144K] configure
├── [1.1K] configure.in
├── [ 828] configure.scan
├── [ 408] CONTACT
├── [ 12K] depcomp
├── [6.9K] dnstracer.8
├── [1.0K] dnstracer_broken.h
├── [ 43K] dnstracer.c
├── [2.8K] dnstracer.pod
├── [ 782] dnstracer.spec
├── [1.2K] FILES
├── [5.5K] getopt.c
├── [ 527] getopt.h
├── [5.4K] install-sh
├── [1.3K] LICENSE
├── [ 318] Makefile.am
├── [ 14K] Makefile.in
├── [8.6K] missing
├── [1.5K] mkinstalldirs
├── [ 219] MSVC.BAT
├── [1002] README
├── [ 766] README.md
├── [ 10] stamp-h
└── [ 0] stamp-h.in

1 directory, 33 files
```