| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Feb 2014 12:45:15 +0800 From: "En.wooyun.org" <help.en@...yun.org> To: full-disclosure@...ts.grok.org.uk Subject: [WooYun-2014-00049] Mac osx & ios Kernel Module Uninitialization *Abstract:* Apple’s operating system IOReportHub has kernel module unitialization vulnerabilities that cause kernel breakdown. *Details:* The problem appears at the third function that moderates “GetValues”. __ZN18IOReportUserClient10_getValuesEy: // IOReportUserClient::_getValues(unsigned long long) 0000000000001f7c 55 push rbp ; XREF=0x17f7 0000000000001f7d 4889E5 mov rbp, rsp 0000000000001f80 4157 push r15 0000000000001f82 4156 push r14 0000000000001f84 4154 push r12 0000000000001f86 53 push rbx 0000000000001f87 4989F6 mov r14, rsi 0000000000001f8a 4989FC mov r12, rdi 0000000000001f8d 498BBC24F0000000 mov rdi, qword [ds:r12+0xf0] 0000000000001f95 E800000000 call 0x1f9a 0000000000001f9a 498BBC2400010000 mov rdi, qword [ds:r12+0x100] ; XREF=0x1f95 0000000000001fa2 488B07 mov rax, qword [ds:rdi] //rdi indicates a “0” object *Proofs of concept:* *[image: 内嵌图片 1]* *Form:* http://en.wooyun.org/bugs/wooyun-2013-041 -- WooYun, an Open and Free Vulnerability Reporting Platform For more information, please visit *http://en.wooyun.org/about.php <http://en.wooyun.org/about.php?>* Content of type "text/html" skipped Download attachment "031600367c37d6440a34c5a9a139919fe3e69452.png" of type "image/png" (546495 bytes) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists