CVE-2013-6282 PoC — Linux kernel 输入验证漏洞

Source

https://github.com/fi01/libput_user_exploit

Associated Vulnerability

Title:Linux kernel 输入验证漏洞 (CVE-2013-6282)
Description:Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。NFSv4 implementation是其中的一个分布式文件系统协议。基于v6k和v7 ARM平台上的Linux kernel 3.5.4及之前的版本中的‘get_user’和‘put_user’API函数中存在安全漏洞，该漏洞源于程序没有验证目标地址。攻击者可借助特制的应用程序利用该漏洞读取或修改任意内核内存位置的内容。

Description

CVE-2013-6282 exploit

Readme

#

ATTENTION !!!
	This exploit writes more 3 bytes with zero.

	But it is enough to install ptmx.fsync handler and modify uevent_helper string.

File Snapshot


 [4.0K]  /data/pocs/f042d9f46f0953b4ea9ae33382ee2b85f3dd2753
├── [ 189]  Android.mk
├── [1.2K]  put_user.c
├── [ 312]  put_user.h
└── [ 144]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!