CVE-2016-3955 PoC — Linux kernel 拒绝服务漏洞

Source

Associated Vulnerability

Title:Linux kernel 拒绝服务漏洞 (CVE-2016-3955)
Description:Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。NFSv4 implementation是其中的一个分布式文件系统协议。 Linux kernel 4.5.3之前版本的drivers/usb/usbip/usbip_common.c文件中的‘usbip_recv_xbuff’函数存在安全漏洞。远程攻击者可借助USB/IP数据包中特制的长度值利用该漏洞造成拒绝服务（越边界写入）。

Description

A demo server for CVE-2016-3955 (UBOAT)

Readme

# uboatdemo
### A demo server for CVE-2016-3955 (UBOAT)
Performs Linux heap buffer overflow, when USB/IP client begins sending control URBs.

## Building
The server is a standard simple Go program. You can build it the usual way assuming you have Go setup and configured according to [official instructions](https://golang.org/doc/install) with:
```
go get github.com/pqsec/uboatdemo/cmd/uboatsrv
```
The compiled binary should be in the `bin` directory of your configured `$GOPATH`.

## Additional information
https://pqsec.org/uboat-CVE-2016-3955/

File Snapshot


 [4.0K]  /data/pocs/c3f2f78f9a938e02a6106c57401dfd3afa4c2ad1
├── [4.0K]  cmd
│   └── [4.0K]  uboatsrv
│       └── [ 181]  main.go
├── [ 550]  README.md
├── [ 671]  uboatsrv.go
└── [6.2K]  usbip_protocol.go

2 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!