libpng exploit
Posted: Wed Jun 27, 2012 7:45 pm
by timoo
CVE-2011-3026 and CVE-2011-3045
It is possible to exploit the firmware with a crafted .png.
My firmware, t-valdeuc 3011.0, has this vulnerability in libpngGP.so and libKonfabulator.so.
Maybe a possible vulnerability in E firmware.
Re: libpng exploit
Posted: Wed Jun 27, 2012 7:54 pm
by juusso
Sounds interesting. Actually you should read here and maybe collaborate too..
Re: libpng exploit
Posted: Wed Jun 27, 2012 9:21 pm
by Th3avatar
It's really difficult to debug on TV and most of those vulnerabilities (like ours) might possibly cause remote execution.
The hard part is to actually craft a file (at least for us now...)
Even when we found the exploit and know how to trigger it, we still don't know what kind of crafted file you must put and where it actually crashes...
Need more experts in this field.
Re: libpng exploit
Posted: Wed Jun 27, 2012 9:59 pm
by timoo
I have no problem with debugging my TV ue40c8000 (IDA + gdbserver on TV, gdb over ssh works too).
I am working on a vulnerable .png which crashes libpng -> no exploit for now -> I think I could do that because we have the source code of libpng and a possible dump of C, D, E firmware; the hard part is only writing the exploit, I am not so skilled in that.

As my TV is already rooted I am only interested about
I agree, we need more experts on this.
