Difference between revisions of "Talk:OpenSharedCacheFile"

From The iPhone Wiki
Jump to: navigation, search
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
Does this allow root access? Also, could we add that it was patched in 6.1.3/6.1.4 (possibly 6.1.6, I'll test that)? --[[User:Awesomebing1|Awesomebing1]] ([[User talk:Awesomebing1|talk]]) 02:13, 23 March 2015 (UTC)
 
Does this allow root access? Also, could we add that it was patched in 6.1.3/6.1.4 (possibly 6.1.6, I'll test that)? --[[User:Awesomebing1|Awesomebing1]] ([[User talk:Awesomebing1|talk]]) 02:13, 23 March 2015 (UTC)
 
:[http://www.cvedetails.com/cve/CVE-2013-3950/ CVE Details] stands, that the last vulnerable version is 6.1.3. I don't think, that this vulnerability can cause any privilege escalations. --[[User:Rzhikharevich|Rzhikharevich]] ([[User talk:Rzhikharevich|talk]]) 17:16, 23 March 2015 (UTC)
 
:[http://www.cvedetails.com/cve/CVE-2013-3950/ CVE Details] stands, that the last vulnerable version is 6.1.3. I don't think, that this vulnerability can cause any privilege escalations. --[[User:Rzhikharevich|Rzhikharevich]] ([[User talk:Rzhikharevich|talk]]) 17:16, 23 March 2015 (UTC)
  +
::I don't know for sure, but since the only changed files are various executables (e.g recompiling stuff) and the OpenSSL fix, there's nothing else changed. I will test this in a bit. --[[User:Awesomebing1|Awesomebing1]] ([[User talk:Awesomebing1|talk]]) 17:17, 23 March 2015 (UTC)
  +
:::Well, I ran it. Turns out you actually have to put 2000 As. Ugh. Anyway, it outputs
  +
<pre>dyld: stack buffer overrun
  +
Trace/BPT trap: 5</pre>
  +
  +
Not sure if that means if it was patched. I'm guessing it means it does, since in the presentation I was copying off it said it Segementation Faulted.--[[User:Awesomebing1|Awesomebing1]] ([[User talk:Awesomebing1|talk]]) 22:20, 23 March 2015 (UTC)
  +
  +
<sjeezpwn>yes this is patched, when i said 1024 A's, that was just a guess, you have to try around 30-40 times to see where the PC register is, once you know where PC is you need to insert your shellcode right after

Latest revision as of 22:33, 24 March 2015

Does this allow root access? Also, could we add that it was patched in 6.1.3/6.1.4 (possibly 6.1.6, I'll test that)? --Awesomebing1 (talk) 02:13, 23 March 2015 (UTC)

CVE Details stands, that the last vulnerable version is 6.1.3. I don't think, that this vulnerability can cause any privilege escalations. --Rzhikharevich (talk) 17:16, 23 March 2015 (UTC)
I don't know for sure, but since the only changed files are various executables (e.g recompiling stuff) and the OpenSSL fix, there's nothing else changed. I will test this in a bit. --Awesomebing1 (talk) 17:17, 23 March 2015 (UTC)
Well, I ran it. Turns out you actually have to put 2000 As. Ugh. Anyway, it outputs
dyld: stack buffer overrun
Trace/BPT trap: 5

Not sure if that means if it was patched. I'm guessing it means it does, since in the presentation I was copying off it said it Segementation Faulted.--Awesomebing1 (talk) 22:20, 23 March 2015 (UTC)

<sjeezpwn>yes this is patched, when i said 1024 A's, that was just a guess, you have to try around 30-40 times to see where the PC register is, once you know where PC is you need to insert your shellcode right after