Editing Bugs & Vulnerabilities
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
== Unknown / unpatched == | == Unknown / unpatched == | ||
=== | === Webkit buffer overflow === | ||
== | * [http://playstationhax.xyz/forums/topic/2807-release-full-rsx-vramio-access-exploit/?do=findComment&comment=28458] | ||
Not Patched | |||
=== RSX VRAM Access === | === RSX VRAM Access === | ||
* [ | * [http://playstationhax.xyz/forums/topic/2807-release-full-rsx-vramio-access-exploit/?do=findComment&comment=28421] | ||
Not Patched | |||
Not Patched | |||
=== Memory corruption and NULL pointer in Unreal Tournament III 1.2 === | === Memory corruption and NULL pointer in Unreal Tournament III 1.2 === | ||
Line 46: | Line 17: | ||
* [http://cxsecurity.com/issue/WLB-2008070060] | * [http://cxsecurity.com/issue/WLB-2008070060] | ||
unsure if it applies to PS3 | |||
=== MacOS X 10.5/10.6 libc/strtod(3) buffer overflow === | === MacOS X 10.5/10.6 libc/strtod(3) buffer overflow === | ||
Line 52: | Line 23: | ||
* [http://cxsecurity.com/issue/WLB-2010010162] | * [http://cxsecurity.com/issue/WLB-2010010162] | ||
unsure if it applies to PS3 | |||
=== OpenPrinter() stack-based buffer overflow === | === OpenPrinter() stack-based buffer overflow === | ||
Line 58: | Line 29: | ||
* [http://seclists.org/fulldisclosure/2007/Jan/474] | * [http://seclists.org/fulldisclosure/2007/Jan/474] | ||
Patched: ? | |||
=== DOM flaw === | === DOM flaw === | ||
Line 65: | Line 35: | ||
http://seclists.org/fulldisclosure/2009/Jul/299 | http://seclists.org/fulldisclosure/2009/Jul/299 | ||
Patched: ? | |||
? | |||
==== | === PS3xploit Kernel Exploit === | ||
Unpatched: To be disclosed. | |||
=== Leakage of PTCH body plaintext over SPI on all BGA SYSCONs === | === Leakage of PTCH body plaintext over SPI on all BGA SYSCONs === | ||
Line 126: | Line 84: | ||
Stack buffer overflow which is fixed around 4.3x or 4.4x. Does not require any privileges. | Stack buffer overflow which is fixed around 4.3x or 4.4x. Does not require any privileges. | ||
Patched: [[4.4x_CEX|4.4x]] | Patched: [[4.4x_CEX|4.4x]] | ||
Line 135: | Line 89: | ||
=== AES CTR vulnerability on SELFs (and ebootroms maybe?) === | === AES CTR vulnerability on SELFs (and ebootroms maybe?) === | ||
Sometimes SCE reused the same AES CTR keys and IVs in different [[ | Sometimes SCE reused the same AES CTR keys and IVs in different [[Certified Files]]. | ||
See also [http://crypto.stackexchange.com/questions/14628/why-do-we-use-xts-over-ctr-for-disk-encryption]. | See also [http://crypto.stackexchange.com/questions/14628/why-do-we-use-xts-over-ctr-for-disk-encryption]. | ||
Patched: since PSVita prototype FWs as their [[Certified Files]] don't use AES CTR but instead AES CBC. | |||
Maybe not patched on ebootroms. | |||
Maybe not patched on | |||
=== PARAM.SFO stack-based buffer overflow === | === PARAM.SFO stack-based buffer overflow === | ||
Line 283: | Line 235: | ||
Source: [http://support.bandainamcogames.com/index.php?/Knowledgebase/Article/View/216/233/afro-samurai-why-doesnt-my-game-start-up-ps3-only] | Source: [http://support.bandainamcogames.com/index.php?/Knowledgebase/Article/View/216/233/afro-samurai-why-doesnt-my-game-start-up-ps3-only] | ||
Patched: in ([[VSH]]) since (unknown) | Patched: in Firmware ([[VSH]]) since (unknown) | ||
{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude> | {{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude> |