Created
September 4, 2017 04:01
CVE-2014-8904 AIX lquerylv EoP
.text:10000354 .using unk_30000BB4, %r31
.text:10000354 stw %r3, 0x110+var_28(%sp)
.text:10000358 addi %r3, %r31, 0x48C # a_dbgcmd_lquery # "_DBGCMD_LQUERYLV"
.text:1000035C bl .getenv
.text:10000360 lwz %rtoc, 0x110+saved_toc(%sp)
.text:10000364 lwz %r29, off_30001568 # dword_300015E4
.text:10000368 .using dword_300015E4, %r29
.text:10000368 cmpwi %r3, 0
.text:1000036C bne loc_100006D0
...
.text:100006D0 # ---------------------------------------------------------------------------
.text:100006D0
.text:100006D0 loc_100006D0: # CODE XREF: main+4Cj
.text:100006D0 addi %r3, %r31, 0x3E4 # aTmpDebugcmd # "/tmp/DEBUGCMD"
.text:100006D4 addi %r4, %r31, 0x30 # unk_30000BE4
.text:100006D8 bl .fopen
.text:100006DC lwz %rtoc, 0x110+saved_toc(%sp)
.text:100006E0 stw %r3, dword_300015E4
.text:100006E4 b loc_10000374
.text:100006E4 # End of function main
(not reported by me, but people were curious: http://security.stackexchange.com/questions/79350/what-is-the-crafted-dbgcmd-lquerylv-in-cve-2014-8904)
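
The listing shows `main` calling `getenv("_DBGCMD_LQUERYLV")` and, when the result is non-NULL, `fopen("/tmp/DEBUGCMD", ...)`. The following is an added example, not part of the original gist and not IBM's code: the same pattern in C beside a hardened opener, with a constructed check of how each treats a symlink already present at the log path. The fopen mode `"a"`, the function names and the temporary directory are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Pattern from the listing: env var enables debug output at a fixed path.
 * The mode string (unk_30000BE4) is not shown on the page; "a" is assumed. */
FILE *open_debug_as_listed(const char *path)
{
    if (getenv("_DBGCMD_LQUERYLV") == NULL) return NULL;
    return fopen(path, "a");   /* follows symlinks, reuses existing files */
}

/* Hardened variant (hypothetical helper, not the vendor fix). */
FILE *open_debug_hardened(const char *path)
{
    if (getenv("_DBGCMD_LQUERYLV") == NULL) return NULL;
    /* Ignore the debug switch when real and effective ids differ. */
    if (getuid() != geteuid() || getgid() != getegid()) return NULL;
    /* O_EXCL: fail if anything exists at path, symlinks included.
     * O_NOFOLLOW: never traverse a symlink in the final component. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return NULL;
    FILE *fp = fdopen(fd, "w");
    if (fp == NULL) close(fd);
    return fp;
}

/* Constructed check in a private temp dir: a symlink already sits at the
 * log path. Returns 1 if the opener created the link's target, else 0. */
int symlink_followed(int hardened)
{
    char dir[] = "/tmp/dbgdemoXXXXXX", target[64], lnk[64];
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/DEBUGCMD", dir);
    if (symlink(target, lnk) != 0) return -1;
    setenv("_DBGCMD_LQUERYLV", "1", 1);
    FILE *fp = hardened ? open_debug_hardened(lnk) : open_debug_as_listed(lnk);
    if (fp) fclose(fp);
    int followed = (access(target, F_OK) == 0);
    unlink(target); unlink(lnk); rmdir(dir);
    return followed;
}

int main(void)
{
    printf("as listed: %d\n", symlink_followed(0));
    printf("hardened:  %d\n", symlink_followed(1));
    return 0;
}
```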