Iceweasel xulrunner-18.0/libxul.so Stack Corruption Vulnerability
Veysel hataş
vhatas at gmail.com
Tue Feb 3 13:55:36 UTC 2015
'exploitable' version 1.04
Linux kali 3.7-trunk-amd64 #1 SMP Debian 3.7.2-0+kali6 x86_64
Signal si_signo: 2 Signal si_addr: 0x0
Nearby code:
0x00007ffff7179e1f <+63>: mov rsi,QWORD PTR [rsp+0x10]
0x00007ffff7179e24 <+68>: mov rdi,QWORD PTR [rsp+0x18]
0x00007ffff7179e29 <+73>: mov eax,0x7
0x00007ffff7179e2e <+78>: movsxd rdx,edx
0x00007ffff7179e31 <+81>: syscall
=> 0x00007ffff7179e33 <+83>: mov rdx,rax
0x00007ffff7179e36 <+86>: cmp rdx,0xfffffffffffff000
0x00007ffff7179e3d <+93>: ja 0x7ffff7179e62 <poll+130>
0x00007ffff7179e3f <+95>: mov edi,r8d
0x00007ffff7179e42 <+98>: mov DWORD PTR [rsp+0x18],eax
Stack trace:
# 0 poll at 0x7ffff7179e33 in /lib/x86_64-linux-gnu/libc-2.13.so (BL)
# 1 None at 0x7ffff56ee399 in /usr/lib/xulrunner-18.0/libxul.so
# 2 None at 0x7ffff0a84624 in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4
# 3 g_main_context_iteration at 0x7ffff0a84744 in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3200.4
# 4 None at 0x7ffff56ee348 in /usr/lib/xulrunner-18.0/libxul.so
# 5 None at 0x7ffff5704321 in /usr/lib/xulrunner-18.0/libxul.so
# 6 None at 0x7ffff570443a in /usr/lib/xulrunner-18.0/libxul.so
# 7 None at 0x7ffff589d9b4 in /usr/lib/xulrunner-18.0/libxul.so
# 8 None at 0x7ffff5873023 in /usr/lib/xulrunner-18.0/libxul.so
# 9 None at 0x7ffff579550d in /usr/lib/xulrunner-18.0/libxul.so
# 10 None at 0x7ffff58bbf23 in /usr/lib/xulrunner-18.0/libxul.so
# 11 None at 0x7ffff5703d09 in /usr/lib/xulrunner-18.0/libxul.so
# 12 None at 0x7ffff55e06ab in /usr/lib/xulrunner-18.0/libxul.so
# 13 None at 0x7ffff4daa9d7 in /usr/lib/xulrunner-18.0/libxul.so
# 14 None at 0x7ffff4dacb0e in /usr/lib/xulrunner-18.0/libxul.so
# 15 XRE_main at 0x7ffff4dacd27 in /usr/lib/xulrunner-18.0/libxul.so
# 16 _start at 0x402e9f in /usr/lib/iceweasel/iceweasel
Faulting frame: # 1 None at 0x7ffff56ee399 in /usr/lib/xulrunner-18.0/libxul.so
Description: Uncategorized signal
Short description: UncategorizedSignal (21/21)
Hash: adc0e910413c8277a93597dded2c019d.1211be7b00de99ac3cd4df53848c15b4
Exploitability Classification: UNKNOWN
Explanation: The target is stopped on a signal. This may be an
exploitable condition, but this command was unable to categorize it.
'exploitable' version 1.04
Linux kali 3.7-trunk-amd64 #1 SMP Debian 3.7.2-0+kali6 x86_64
Signal si_signo: 2 Signal si_addr: 0x0
Nearby code:
__main__:172: UserWarning: Cannot access memory at address 0x7ffff7179de0
Stack trace:
# 0 poll at 0x7ffff7179e33 in None
# 1 None at 0x7ffff56ee399 in None (BL)
Faulting frame: # 0 poll at 0x7ffff7179e33 in None
Description: Possible stack corruption
Short description: PossibleStackCorruption (6/21)
Hash: 11be9dafbbcc937095c565339a340994.11be9dafbbcc937095c565339a340994
Exploitability Classification: EXPLOITABLE
Explanation: GDB generated an error while unwinding the stack and/or
the stack contained return addresses that were not mapped in the
inferior's process address space and/or the stack pointer is pointing
to a location outside the default stack region. These conditions
likely indicate stack corruption, which is generally considered
exploitable.
Other tags: UncategorizedSignal (21/21)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: poc.pdf
Type: application/pdf
Size: 579827 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mozilla-maintainers/attachments/20150203/41605e09/attachment-0001.pdf>