Linux server2.hpierson.com 3.10.0-1160.105.1.el7.x86_64 #1 SMP Thu Dec 7 15:39:45 UTC 2023 x86_64
Apache
: 162.0.216.123 | : 216.73.216.152
28 Domain
?7.4.33
yvffpqmy
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
README
+ Create Folder
+ Create File
/
usr /
share /
systemtap /
examples /
security-band-aids /
[ HOME SHELL ]
Name
Size
Permission
Action
cve-2008-0600.meta
209
B
-rw-r--r--
cve-2008-0600.stp
144
B
-rw-r--r--
cve-2008-0600.txt
345
B
-rw-r--r--
cve-2012-0056.meta
209
B
-rw-r--r--
cve-2012-0056.stp
75
B
-rw-r--r--
cve-2013-2094.meta
209
B
-rw-r--r--
cve-2013-2094.stp
418
B
-rw-r--r--
cve-2014-7169.meta
209
B
-rw-r--r--
cve-2014-7169.stp
82
B
-rw-r--r--
cve-2015-0235.meta
209
B
-rw-r--r--
cve-2015-0235.stp
2.17
KB
-rw-r--r--
cve-2015-3456.meta
209
B
-rw-r--r--
cve-2015-3456.stp
234
B
-rw-r--r--
cve-2015-7547.meta
209
B
-rw-r--r--
cve-2015-7547.stp
153
B
-rw-r--r--
cve-2016-0728.meta
209
B
-rw-r--r--
cve-2016-0728.stp
2.56
KB
-rw-r--r--
cve-2016-5195.meta
209
B
-rw-r--r--
cve-2016-5195.stp
371
B
-rw-r--r--
cve-2017-6074.meta
209
B
-rw-r--r--
cve-2017-6074.stp
264
B
-rw-r--r--
cve-2018-14634.meta
212
B
-rw-r--r--
cve-2018-14634.stp
1.16
KB
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : cve-2015-0235.stp
#!/usr/bin/stap -g global added% global trap = 1 /* stap -G trap=0 to only trace, not fix */ /* CVE-2015-0235 "ghostbuster" band-aid Works by incrementing the size_needed variable set around line 86 of glibc nss/digits_dots.c, so as to account for the missing sizeof (*h_alias_ptr). This makes the subsequent comparisons work and return error codes for buffer-overflow situations. GLIBC DWARF debuginfo is needed, because we insert a statement probe just after the initial assignment. stap -g (guru mode) is needed because we're modifying state. 85 86 size_needed = (sizeof (*host_addr) 87 + sizeof (*h_addr_ptrs) + strlen (name) + 1); 88 89 if (buffer_size == NULL) 90 { 91 if (buflen < size_needed) 92 { 93 if (h_errnop != NULL) 94 *h_errnop = TRY_AGAIN; 95 __set_errno (ERANGE); 96 goto done; 97 } 98 } 99 else if (buffer_size != NULL && *buffer_size < size_needed) 100 { 101 char *new_buf; 102 *buffer_size = size_needed; 103 new_buf = (char *) realloc (*buffer, *buffer_size); */ probe process("/lib*/libc.so.6") /* Adjust wildcard for your distro. */ .statement("__nss_hostname_digits_dots@*:87-102") /* We use a range here because optimized glibc may only have a few clear-cut PC-ranges for statements. This particular line range is unusually reliable, because the digits_dots.c file has seen very little change in glibc, up until the CVE bug fix. We use the added[] array to make sure we only increment once per thread per function invocation. */ { if (! added[tid()]) { added[tid()] = 1; # we only want to add once printf("%s[%d] BOO! size_needed=%d ", execname(), tid(), $size_needed) if (trap) { /* The &@cast() business is a fancy sizeof(uintptr_t), which makes this script work for both 32- and 64-bit glibc's. */ $size_needed = $size_needed + &@cast(0, "uintptr_t")[1] printf("ghostbusted to %d", $size_needed) } printf("\n") } } probe process("/lib*/libc.so.6").function("__nss_hostname_digits_dots").return { delete added[tid()] }
Close
