libpng exploit


timoo
Posts: 119
Joined: Mon Aug 16, 2010 6:43 pm
Location: Czech Republic

libpng exploit

Post by timoo »

CVE-2011-3026 and CVE-2011-3045:
it is possible to exploit the firmware with a crafted .png.
My firmware t-valdeuc 3011.0 has this vulnerability in libpngGP.so and libKonfabulator.so.
Maybe a possible vulnerability in E firmware.
juusso
SamyGO Moderator
Posts: 10129
Joined: Sun Mar 07, 2010 6:20 pm

Re: libpng exploit

Post by juusso »

Sounds interesting. Actually you should read here and maybe collaborate too..
Th3avatar
Posts: 6
Joined: Wed Mar 14, 2012 9:14 am

Re: libpng exploit

Post by Th3avatar »

It's really difficult to debug on the TV, and most of those vulnerabilities (like ours) might possibly cause remote execution.
The hard part is to actually craft a file (at least for us now...).
Even when we found the exploit and know how to trigger it, we still don't know what kind of crafted file you must put and where it actually crashes...
Need more experts in this field.
timoo
Posts: 119
Joined: Mon Aug 16, 2010 6:43 pm
Location: Czech Republic

Re: libpng exploit

Post by timoo »

I have no problem with debugging my TV ue40c8000 (IDA + gdbserver on TV, gdb over ssh works too).
I am working on a vulnerable .png which crashes libpng -> no exploit for now -> I think I could do that because we have the source code of libpng and a possible dump of C, D, E firmware; the hard part is only writing the exploit, I am not so skilled in that :) As my TV is already rooted I am only interested about :)
I agree, we need more experts on this :)
