From: Jann Horn (jann thejh.net)
Date: Fri May 03 2013 - 17:22:54 CDT
So, I found a vuln for overwriting kernel memory in kernel code by Broadcom for the
Raspberry Pi (afaik not in the official kernel sources, just in the patched
kernel sources for the raspberry pi). It requires you to be in the "video" group,
so it's not very interesting, I think, but I thought, hey, before you share your
PoC for causing a kernel oops with FD, maybe you should contact Broadcom and tell
them so they have a chance to write a fix!
Well, first step: Check their website.
Result: No security contact mail. No contact mail address at all, actually.
Step two: Connect via SMTP, try RFC-specified mailboxes and other common mailboxes
with "RCPT TO", check which are accepted.
Result: Well, <postmaster> isn't accepted, but a lot of other stuff works! Yay!
Step three: Send mail to the addresses that were accepted by "RCPT TO".
Result: Bounces. Turns out the mailserver just accepts everything, then sends bounces.
Step four: Do a whois, send mail to the DNS admin. Not exactly first choice, but oh well...
Result: Bounces, too, because their second SMTP server sees that the mail comes from their
first SMTP server, looks at my SPF record and figures that Broadcom isn't allowed to send
mails in my name. Hooray.
Step five: Spam somewhat-related IRC channels to figure out a working contact mail.
Result: Doesn't bounce – waiting for a reply.
tl;dr: Broadcom, fix your stupid mailservers!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJRhDi+AAoJEGhmizV0f2d1KusQAIQy/3trhRdlJjHuBb+gA7yI
yqdiAV2ZMsBKnoYKcS8rNWWITp4G0ffbYUsY7TtkvM00vC5gjq62tRwm3mSERvhD
LbsbbysSUMdFz3mIs1ta8wTfzd5Ag5bNsvsTDiF6MHxGPN8WNGw7umN4QwDZZjzl
1gPXx+IANi0BgNBnngdpU/GfNgWaSgO+w7UUeTRqSPUp0ctNz6i1/vw9cJr7iugM
c0m/8loFqJkZ3iQQVuOP9BcIeNWH9YxNGQ5JIkgN03seLsL5m6IrWISNVbQkEpQr
TnDPqeQEhfdehh+HgZ28Bfev+Se1gNPA0sIKK0MDoG5MZDVOFwTvGZyHMROu6GYr
YB+OSzZfteinQV8j5EprWTMJS0cK9by4CF3TS5m6yoa6F1t96U4cJy/dbdv5YiWd
rBnj0ydnvTO10OMMovymtEoFf7QCNYXlB+vKglwK91AnJu3Zaxrg+Dr2kTegEKCq
07f9lGuaQhyKUAa9THUjTsykJKaX/vlHG88YJdJ1JXM8omCwtrODE+CvmBzQs1Qf
fr8hdKu0KvBxIf2iOKjiQAForQCffYIOSXiW82ay88+beQS51fT6NbE+TLK6ascy
lbhWbeqtImA/zFNK5MOCvkM0GuOzCqLG0Psw1F2C2EP3iTSdH37WIXsq+Fr2/SxC
R3Ws6MQuCPROjDV4hRoq
=9qwL
-----END PGP SIGNATURE-----
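The bounce in step four comes from a well-known forwarding failure mode: the first MX relays the message to a second MX with the original envelope sender intact, so the second MX evaluates the sender domain's SPF policy against the first MX's IP address and rejects. The following is an added illustration, not code from the post or from Broadcom; the domains, IP addresses, DNS records and the "broadcom.example" forwarder are all constructed, and the SPF evaluator supports only the `ip4`, `ip6`, `a`, `include` and `all` mechanisms rather than the full RFC 7208 set.

```python
"""Illustrates why forwarding with an unchanged MAIL FROM fails the next
hop's SPF check, and why rewriting the envelope sender (SRS-style) fixes it.

All DNS data below is constructed for the example; nothing is looked up."""
import ipaddress

# Constructed TXT records (hypothetical domains, not real DNS data).
DNS_TXT = {
    "sender.example": "v=spf1 ip4:203.0.113.10 include:_spf.relay.example -all",
    "_spf.relay.example": "v=spf1 ip4:203.0.113.0/28 ~all",
    "mx1.broadcom.example": "v=spf1 a -all",  # hypothetical first-hop MX
}
# Constructed A records used by the "a" mechanism.
DNS_A = {
    "mx1.broadcom.example": ["198.51.100.1"],
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(domain, client_ip, depth=0):
    """Return 'pass', 'fail', 'softfail', 'neutral', 'none' or 'permerror'
    for a message received from client_ip claiming an envelope sender
    in `domain`. Subset of RFC 7208: ip4, ip6, a, include, all."""
    if depth > 10:  # RFC 7208 limits recursive lookups
        return "permerror"
    record = DNS_TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # Version mismatch (v4 address vs v6 network) simply does not match.
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            host = arg or domain
            matched = any(ipaddress.ip_address(a) == ip for a in DNS_A.get(host, []))
        elif name == "include":
            # include matches only when the referenced policy yields "pass".
            matched = evaluate_spf(arg, client_ip, depth + 1) == "pass"
        else:
            return "permerror"  # unsupported mechanism in this subset
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"  # no mechanism matched and no "all" term present


def check_hop(envelope_from, client_ip):
    """SPF result an MX would compute for one SMTP hop."""
    domain = envelope_from.rsplit("@", 1)[1]
    return evaluate_spf(domain, client_ip)


def simulate_forwarding():
    """Reproduce the post's step-four scenario with constructed addresses.

    Returns (result at first MX, result at second MX after naive forwarding,
    result at second MX when the forwarder rewrote the envelope sender)."""
    sender = "jann@sender.example"      # constructed sender
    sender_mta = "203.0.113.10"         # listed in sender.example's SPF
    forwarder_ip = "198.51.100.1"       # hypothetical first Broadcom MX

    first_hop = check_hop(sender, sender_mta)          # "pass"
    naive_forward = check_hop(sender, forwarder_ip)    # "fail": MX1 is not authorised for sender.example
    # SRS-style rewrite: envelope sender now belongs to the forwarder's domain.
    rewritten = "srs0=tag=sender.example=jann@mx1.broadcom.example"
    rewritten_forward = check_hop(rewritten, forwarder_ip)  # "pass"
    return first_hop, naive_forward, rewritten_forward


if __name__ == "__main__":
    print(simulate_forwarding())
```

The defensive takeaway is that an internal relay which re-injects mail toward another MX must either rewrite the envelope sender (SRS), be whitelisted by the receiving MX, or not be subjected to SPF at all; otherwise every forwarded message from a domain publishing `-all` is rejected, and combined with accept-everything-then-bounce behaviour the result is exactly the backscatter the post describes.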
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/