fix some typos and add more case

mudongliang · Oct 30, 2017 · 4273b52 · 4273b52
1 parent cca8caf
commit 4273b52
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 13 deletions.
diff --git a/CVE-2002-1496/README.md b/CVE-2002-1496/README.md
@@ -15,7 +15,7 @@ make
 ```
 main.h:264:5: error: conflicting types for 'getsid'
 ```
-Solution: modify all `getsid`, no matter declaration or definition or use to `this_getsid` in the source code so that type conflict could be avoided
+Solution: modify all `getsid`, no matter declaration or definition or use to `this_getsid` in the source code so that type conflict could be avoided. In old version glibc, getside isn't implemented, symbol binding conflicts when shifting to new version glibc.
 
 ```
 server.c(.text+0xfe1): undefined reference to `pthread_detach'
@@ -37,11 +37,7 @@ sudo ./http/bin/httpd
 
 If you want to see the moment of crash, you may need gdb.
 ```
-sudo su
-gdb ./httpb/httpd
-(gdb) set follow-fork-mode child
-(gdb) r
-
+sudo ./http/bin/http --nodaemon
 ```
 ## PoCs
 [exploit db](https://www.exploit-db.com/exploits/21818/)

diff --git a/CVE-2008-5904/README.md b/CVE-2008-5904/README.md
@@ -30,7 +30,8 @@ In function 'open',
 /usr/include/i386-linux-gnu/bits/fcntl2/h:50:24: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT in second argument needs 3 arguments
 	__open_missing_mode();
 ```
-Solution: modify `os_calls.c:505` to `return open(file_name, O_RDWR | O_CREAT, S_ORUSR | S_IWUSR)`
+Solution: modify `os_calls.c:505` to `return open(file_name, O_RDWR | O_CREAT, S_ORUSR | S_IWUSR). This problem is specific to earlier version of xrdp. libc API changed.
+```
 
 ## How to trigger vulnerability
 

diff --git a/CVE-2015-7805/README.md b/CVE-2015-7805/README.md
@@ -26,18 +26,20 @@ explanation: `sndfile-play` is actually a wrapper, the real program is '.libs/lt
 ```
 aiff.c
 aiff_read_header() {
-608: dreword = psf_bin_header_readf(psf, "b", cptr, len);
+520:	case COMT_MARKER:
+541: 	dword -= psf_binheader_readf(psf, "b", cptr, len);
 }
 
 common.c
 psf_binheader_readf() {
-	count = va_arg(argptr, size_t);
-	bytes_count = header_read(psf, charptr, count); // count could be 14000 (0x36B0)
+1037:	case 'b':
+1039:		count = va_arg(argptr, size_t);
+1041:		bytes_count = header_read(psf, charptr, count); // count could be 14000 (0x36B0)
 }
 
 header_read (SF_PRIVATE *psf, void *ptr, int bytes) {
-	most -> SIGNED_SIZEOF(psf->header) - psf->headindex; // psf->headindex is controlled by input
-	psf_fread (psf->header + psf->headend, 1, most, psf); // read 'most' bytes from file to psf->header+psf->headend
+810:	most = SIGNED_SIZEOF(psf->header) - psf->headindex; // psf->headindex is controlled by input
+811:	psf_fread (psf->header + psf->headend, 1, most, psf); // read 'most' bytes from file to psf->header+psf->headend
 	// psf is dynamically allocated
 
 	memcpy(ptr, psf->header + psf->headindex, bytes); // you can exploit here

diff --git a/CVE-2017-12858/README.md b/CVE-2017-12858/README.md
@@ -19,7 +19,7 @@ make
 ```
 
 ## PoCs
-[agostino's blog](https://github.com/asarubbo/poc/blob/master/00239-libzip-UAF-_zip_buffer_free`:w)
+[agostino's blog](https://github.com/asarubbo/poc/blob/master/00239-libzip-UAF-_zip_buffer_free)
 
 ## Vulnerability Details & Patch