CVE-2002-0991 PoC — HP CIFSLogin本地缓冲区溢出漏洞

Source

https://github.com/alt3kx/CVE-2002-0991

Associated Vulnerability

Title:HP CIFSLogin本地缓冲区溢出漏洞 (CVE-2002-0991)
Description:Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier, based on the Sharity package, allows local users to gain root privileges via long (1) -U, (2) -D, (3) -P, (4) -S, (5) -N, or (6) -u parameters.

Description

Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier

Readme

# CVE-2002-0991
Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier

Exploit-db publication at https://www.exploit-db.com/exploits/21577/<br>
Packetstorm publication at https://packetstormsecurity.com/files/26303/cifslogin.txt.html</br>
SecurityFocus publication at https://www.securityfocus.com/bid/5088</br>

# Author
Alex Hernandez aka <em><a href="https://twitter.com/_alt3kx_" rel="nofollow">(@\_alt3kx\_)</a></em>

# The exploit was written by watercloud:

Author references here: https://www.exploit-db.com/author/?a=97 

# HP Solution/fixes and credits: 

HP is aware of the vulnerability and has strongly suggested applying the following patches:
Upgrade to A.01.06, and then install patch PHNE_24164 for
HP-UX release 11.00 or 11.11.

CIFS/9000 Client version A.01.07 includes this fix.<br>

HP CIFS/9000 Server A.01.05<br>
HP Product B8724AA<br>
CIFS/9000 Client version A.01.07<br>
http://www.software.hp.com

HP CIFS/9000 Server A.01.06<br>
HP PHNE_24164<br>
http://itrc.hp.com

HP Product B8724AA<>br
CIFS/9000 Client version A.01.07<br>
http://www.software.hp.com

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!