Luigi Auriemma is a beast at digging up vulnerabilities in all kinds of software that exposes remote ports... awesome.
With some spare time I looked over a few of the vulnerabilities he found in HP 3COM/H3C Intelligent Management Center, tracing through the code myself without doing a patch diff. Of course this is guesswork and not necessarily correct.
.text:0040AA05 loc_40AA05:                             ; CODE XREF: sub_40A990+94j
.text:0040AA05                 cmp     esi, [esp+28h+arg_4]
.text:0040AA09                 jnb     short loc_40AA26
.text:0040AA0B                 cmp     ebx, 10h
.text:0040AA0E                 jge     short loc_40AA26
.text:0040AA10                 movzx   eax, al
.text:0040AA13                 push    eax             ; C
.text:0040AA14                 call    ebp             ; toupper
.text:0040AA16                 inc     esi
.text:0040AA17                 mov     [esp+ebx+2Ch+Str1], al
.text:0040AA1B                 mov     al, [edi+esi]
.text:0040AA1E                 add     esp, 4
.text:0040AA21                 inc     ebx
.text:0040AA22                 test    al, al
.text:0040AA24                 jnz     short loc_40AA05
int __thiscall TFTP__handleEvent_calc_pointer_by_opcode(void *this, signed int *a2)
{
    signed int v2; // eax@1
    int result;    // eax@3

    v2 = *a2;
    if ( *a2 < 1 || v2 > 5 )                  // fix CVE-2011-1853
        result = 0;
    else
        result = *((_DWORD *)this + v2 - 1);
    return result;
}
v5 = a2->tainted_filed_2_block_num;
if ( v5 >= (signed int)0x10000u || (v6 = 0, !v5) )   // fix CVE-2011-1852 block_num*0x200
{
    log_record(-1, "[TFTP::handleDATA90] Invalid block number: %d", a2->tainted_filed_2_block_num);
    v22 = 5;
    v19 = (int)&v22;
    goto LABEL_41;
}
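An added example, not code from IMC or from the original post: the two checks above, rewritten as a small TFTP dispatcher in C. An opcode outside 1..5 must be rejected before it is used as an index into a 5-entry handler table (the CVE-2011-1853 fix), and a DATA block number must be rejected when it is 0 or >= 0x10000 before it is scaled by 0x200 into an offset (the CVE-2011-1852 fix). Handler names, the packet layout, and the return values are assumptions; opcodes 1..5 and the 0x200 block size are standard TFTP. The offset formula follows the decompiler comment (block_num*0x200); the product's actual layout is not on the page.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example, not IMC's code. Handler names and packet layout are assumed. */

#define TFTP_BLOCK_SIZE  0x200
#define TFTP_NUM_OPCODES 5          /* RRQ, WRQ, DATA, ACK, ERROR */

typedef long (*tftp_handler_t)(const uint8_t *body, size_t len);

/* Stand-in handlers: each returns its opcode so a caller can see which ran. */
static long handle_rrq(const uint8_t *b, size_t n)   { (void)b; (void)n; return 1; }
static long handle_wrq(const uint8_t *b, size_t n)   { (void)b; (void)n; return 2; }
static long handle_ack(const uint8_t *b, size_t n)   { (void)b; (void)n; return 4; }
static long handle_error(const uint8_t *b, size_t n) { (void)b; (void)n; return 5; }

/* Block-number check from the CVE-2011-1852 fix: 0 and >= 0x10000 are
 * rejected before the number is multiplied by the block size, so the
 * resulting offset is always within 0x200 .. 0xFFFF*0x200. */
long tftp_block_offset(uint32_t block_num)
{
    if (block_num >= 0x10000u || block_num == 0)
        return -1;
    return (long)block_num * TFTP_BLOCK_SIZE;   /* block_num*0x200, per the page's comment */
}

/* DATA body: 2-byte big-endian block number followed by payload. */
static long handle_data(const uint8_t *b, size_t n)
{
    if (n < 2)
        return -1;
    uint32_t block_num = ((uint32_t)b[0] << 8) | b[1];
    return tftp_block_offset(block_num);
}

static const tftp_handler_t handlers[TFTP_NUM_OPCODES] = {
    handle_rrq, handle_wrq, handle_data, handle_ack, handle_error
};

/* Mirrors TFTP__handleEvent_calc_pointer_by_opcode after the CVE-2011-1853
 * fix: an opcode outside 1..5 yields NULL instead of reading
 * handlers[opcode - 1] from outside the table. */
tftp_handler_t tftp_handler_for_opcode(int opcode)
{
    if (opcode < 1 || opcode > TFTP_NUM_OPCODES)
        return NULL;
    return handlers[opcode - 1];
}

/* Parse the 2-byte big-endian opcode and dispatch; -1 on any rejected input. */
long tftp_dispatch(const uint8_t *pkt, size_t len)
{
    if (len < 2)
        return -1;
    int opcode = (pkt[0] << 8) | pkt[1];
    tftp_handler_t h = tftp_handler_for_opcode(opcode);
    if (h == NULL)
        return -1;
    return h(pkt + 2, len - 2);
}
```

Both checks sit on the attacker-controlled value before it is used arithmetically: the opcode before it becomes a table index, the block number before it becomes a multiplied file offset. Logging and returning an error at that point, as the decompiled code does, is what turns an out-of-bounds read or write into a rejected packet.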
Judging by the rate at which he finds vulnerabilities and the kinds he finds, he must have spent a long time researching network protocol fuzzing or something similar. A prolific researcher; much respect.