关联漏洞
标题:Juniper Networks Junos OS 缓冲区错误漏洞 (CVE-2019-0053)Description:Juniper Networks Junos OS是美国瞻博网络(Juniper Networks)公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Networks Junos OS中存在缓冲区错误漏洞,该漏洞源于程序没有充分验证环境变量。攻击者可利用该漏洞绕过veriexec限制。以下产品及版本受到影响:Juniper Networks Junos OS 12.3版本,12.3X48版本,14.1X53版本,15.1版本,15.1X49
Description
A patched Arch Linux PKGBUILD to address CVE-2019-0053 (buffer overflow). Downloads and applies a (currently) unreleased patch from upstream.
介绍
inetutils hasn't been updated in 5 years, and neither has the official Arch package. A patch has been released that addresses CVE-2019-0053 (buffer overflow exploit from the use of sprintf instead of snprintf), but there's no official release in sight.
Honestly, there's a lot more wrong with using telnet than just buffer exploits, but this was a high urgency issue that took 10 minutes to address. Waiting on a response from the official maintainers right now, but this repo will do for the meantime.
文件快照
[4.0K] /data/pocs/673d8f6e251c7c799b81cf471b9548401a480f54
├── [5.1K] 0001-telnetd-Fix-buffer-overflows.patch
├── [2.6K] 0037-telnet-Validate-supplied-environment-variables.-CVE-.patch
├── [ 371] inetutils.install
├── [ 15K] PKGBUILD
├── [ 504] README.md
└── [ 127] telnetd.pam
0 directories, 6 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →