Date: Wed, 23 Mar 2016 02:47:59 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption

On Tue, Mar 22, 2016 at 03:04:50PM -0600, Scotty Bauer wrote:
> Kingroot is the application it was discovered in by the Zimperium folks.

Thanks.

Meanwhile, @idl3r tweeted what is claimed to be and looks like a relevant but possibly incomplete PoC for this bug:

<idl3r> Sent a proposal about CVE-2015-1805 to CSW but got no response. Didn't know you guys found it too :D @jduck @ZIMPERIUM

<@...3r> @jduck Here is a rough PoC if you'd like to try, better success rate is also possible https://github.com/idl3r/testcode/blob/master/test2.c

I've attached this file, for archival.

The default target_addr looks like it was being tested on a specific kernel for AArch64, but there's nothing very arch specific in here. The SELinux mode check suggests that target_addr is probably meant to hit that one variable in the kernel, although there are many other relevant targets.

Alexander

[Attachment: "CVE-2015-1805.c" of type "text/x-c" (6951 bytes)]