MotoMAGX weakness of kernel modules hashes

Stefan Schmidt stefan at datenfreihafen.org
Mon Jun 9 19:38:45 CEST 2008


Hello.

Good news everyone(TM)

Dmitriy Taychenachev found some weakness in the MAGX security model.

Even if we were able to telnet into these devices as root we were
never able to do the system any harm (or better). The kernel-based
security model restricted all the interesting parts of the system.

One of them is the loading of own kernel modules. They are secured
with a hash over the module. Now Dmitriy found a weakness in the way
the hash is used which gives you the first step in the direction of
getting an own kernel running on these devices. A deeper description
can be found on a wiki page he created:

http://wiki.openezx.org/MotoMAGX_weakness_of_kernel_modules_hashes

Over the next days he will also make some sample exploit code
available.

So give him a warm welcome for this great finding and perhaps even
more great stuff in the future.

regards
Stefan Schmidt


More information about the openezx-devel mailing list