Date: Wed, 23 Mar 2016 02:47:59 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2015-1805 Linux kernel: pipe: iovec overrun leading to memory corruption

On Tue, Mar 22, 2016 at 03:04:50PM -0600, Scotty Bauer wrote:
> Kingroot is the application it was discovered in by the Zimperium folks.

Thanks.  Meanwhile, @idl3r tweeted what is claimed to be and looks like
a relevant but possibly incomplete PoC for this bug:

<idl3r> Sent a proposal about CVE-2015-1805 to CSW but got no response. Didn't know you guys found it too :D @jduck @ZIMPERIUM
<@...3r> @jduck Here is a rough PoC if you'd like to try, better success rate is also possible https://github.com/idl3r/testcode/blob/master/test2.c

I've attached this file, for archival.

The default target_addr looks like it was being tested on a specific
kernel for AArch64, but there's nothing very arch specific in here.
The SELinux mode check suggests that target_addr is probably meant to
hit that one variable in the kernel, although there are many other
relevant targets.

Alexander

View attachment "CVE-2015-1805.c" of type "text/x-c" (6951 bytes)
