AMD-PSP: fTPM Remote Code Execution via crafted EK certificate
http://seclists.org/fulldisclosure/2018/Jan/12 [seclists.org]
2018-01-07 19:21
tags: bios, bugfix, cpu, exploit, hardware, security, systems
AMD PSP [1] is a dedicated security processor built onto the main CPU die.
ARM TrustZone provides an isolated execution environment for sensitive and
privileged tasks, such as main x86 core startup.
Some notes on glibc ld.so exploit
http://seclists.org/fulldisclosure/2010/Oct/257 [seclists.org]
2017-12-14 18:59
tags: development, exploit, library, security
A not particularly noteworthy bug, but a fun wrinkle.
From 2010:
I believe this is still a good idea, and LD_HWCAP_MASK is where I would bet the next big loader bug is going to be, it’s just not safe to let attackers have that much control over the execution environment of privileged programs.
From 2017: http://seclists.org/fulldisclosure/2017/Dec/40
- the memory leak (CVE-2017-1000408) first appeared in glibc 2.1.1 (released on May 24, 1999) and can be reached and amplified through the LD_HWCAP_MASK environment variable;
When Tavis says to remove a feature, it’s a good idea to listen...
source: grugq