Date: Thu, 23 Jul 2009 09:14:25 -0400
From: Rob Fuller <jd.mubix@...il.com>
To: Thierry Zoller <Thierry@...ler.lu>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: [GSEC-TZO-45-2009] iPhone remote code execution

Are there memory protections in 3.x to stop this or is it purely a lack of
time/testing to find the exploit vector?

--
Rob Fuller | Mubix
Room362.com | Hak5.org | TheAcademyPro.com


2009/7/23 Thierry Zoller <Thierry@...ler.lu>

>
> Fell quite behind on this one, here it is.
> ___________________________________________________________________
>
>      iPhone & iPod Touch - Remote arbitrary code execution
> ___________________________________________________________________
>
>
> Reference : [GSEC-TZO-45-2009] - iPhone remote arbitrary code execution
> WWW       : http://www.g-sec.lu/iphone-remote-code-exec.html
> CVE       : CVE-2009-1698
> BID       : 35318
> Credit    : http://support.apple.com/kb/HT3639
> Discovered by : Thierry Zoller
>
> Affected products :
> - iPhone OS 1.x through 2.2.1
> - iPhone OS for iPod touch 1.x through 2.2.1
>
> I. Background
> ¨¨¨¨¨¨¨¨¨¨¨¨¨¨
> Wikipedia quote: "Apple Inc. (NASDAQ: AAPL) is an American multinational
> corporation which designs and manufactures consumer electronics and software
> products. The company's best-known hardware products include "
>
> II. Description
> ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
> Calling the CSS attr() attribute with a large number leads to memory
> corruption; heap spraying allows execution of code.
>
> III. Impact
> ¨¨¨¨¨¨¨¨¨¨¨
> Arbitrary remote code execution can be achieved by creating a special
> website and enticing the victim into visiting that site.
>
> IV. Proof of concept
> ¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
> None will be released
>
>
> VI. About
> ¨¨¨¨¨¨¨¨¨¨
> G-SEC ltd. is an independent security consultancy group, founded to
> address the growing need for all-round (effective) security consultancy
> in Luxembourg.
>
> By providing extensive security auditing, rigid policy design, and
> implementation of cutting-edge defensive/offensive systems, G-SEC
> ensures robust, thorough, and uncompromising protection for
> organizations seeking enterprise-wide data security.
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
