search

skilfoy / CVE-2024-4323-Exploit-POC

This proof-of-concept script demonstrates how to exploit CVE-2024-4323, a memory corruption vulnerability in Fluent Bit, enabling remote code execution.
6 stars 2 forks source link

OS and arch? #1

Open vr-ct opened 1 month ago

vr-ct commented 1 month ago

Does the RCE exploit only work on Windows?

vr-ct commented 4 weeks ago

Thanks for responding! I was referring to the python poc here: https://github.com/skilfoy/CVE-2024-4323-Exploit-POC

I tried this on an Ubuntu 22.04 system with /bin/bash as the code. Perhaps I’m doing this wrong? I can get the service to crash in 2-3 attempts using the Tenable poc.

Best regards, Venky

Venky Raju | CISSP CCSP Field CTO | ColorTokens Inc. (408) 667-4426 | https://calendly.com/venky-raju/30min

From: Sean Kilfoy @.> Date: Friday, May 31, 2024 at 8:12 AM To: skilfoy/CVE-2024-4323-Exploit-POC @.> Cc: Venky Raju @.>, Author @.> Subject: Re: [skilfoy/CVE-2024-4323-Exploit-POC] OS and arch? (Issue #1) [CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don’t click links or open attachments as it may be a Phishing email, which can steal your Information and compromise your Computer.]

This exploit is written in bash, so it's not working on Windows unless you're using WSL.

— Reply to this email directly, view it on GitHubhttps://protect.checkpoint.com/v2/___https:/github.com/skilfoy/CVE-2024-4323-Exploit-POC/issues/1%23issuecomment-2142474952___.YzJ1OmNvbG9ydG9rZW5zaW5jOmM6bzo0MmM1YWMyZjNkM2Y4NWU2YmNlNzc2OTkyZDBiMWZjZjo2OjNjNmU6NjlkZDhjZGFjODUwZmM0OGI4OGViMjY2MzZkYWQyMWRhYWYwMDYyZWM2OTRiMzQyNmM3MGFiZTNjMTAwMDcyNTpoOlQ, or unsubscribehttps://protect.checkpoint.com/v2/___https:/github.com/notifications/unsubscribe-auth/AX3BQV2NTCVH7BDI7QIVAM3ZFCHK7AVCNFSM6AAAAABID72RKWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNBSGQ3TIOJVGI___.YzJ1OmNvbG9ydG9rZW5zaW5jOmM6bzo0MmM1YWMyZjNkM2Y4NWU2YmNlNzc2OTkyZDBiMWZjZjo2OjJjNjA6MjQ3YWZmYjhmYjczZTFmNGQxMWQ0MjZhY2NjMzA1NWNlYTMzYjEwNmFiMzdmNTJkNjY0Nzg4YzhjMDY5NDMwMjpoOlQ. You are receiving this because you authored the thread.Message ID: @.***>

“This email may contain confidential and privileged information intended only for specific purpose and recipient(s). If you are not the intended recipient, kindly delete this message instantly and inform us at @.*** Any disclosure, copying, or distribution of this email, is strictly prohibited.”