Geekly Articles each Day

Operating system vulnerabilities. Part III



Half way passed. We already know what holes are in the Android OS or macOS. Today we will talk about operating systems that are not as common as the same Android, but deserve no less attention. If you want to familiarize yourself with OS vulnerabilities from the previous parts - here are the references: Part I and Part II .

But for starters, I would like to remind you of why it is these OSs that we are examining today, how vulnerabilities are selected and what data about them is contained in the tables, of which you will see quite a bit lower in the text.

In this part we will study the third five operating systems from the table below (in bold):
OS nameManufacturerTotal number of vulnerabilities for 2017Total number of vulnerabilities for 2016The total number of vulnerabilities for all time statistics
AndroidGoogle6665231357
Linux KernelLinux3812171921
Iphone osApple2931611277
Windows 10Microsoft226172451
Windows Server 2016Microsoft21239251
Windows Server 2008Microsoft212133981
Mac os xApple2102151888
Windows Server 2012Microsoft201156606
Windows 7Microsoft197134838
Windows 8.1Microsoft192154542
Windows RT 8.1Microsoft124139438
Debian linuxDebian953271029
FedoraFedora project84120441
Ubuntu linuxCanonical66279867
WatchosApple6577231
Windows vistaMicrosoft64125814
OpensuseOpensuse project58five119
LeapOpensuse project57260
LeapNovell48260349
XENXEN4428228

Regarding the choice of vulnerabilities for more detailed consideration (since this was already written in the previous part, we will hide everything under the spoiler so as not to lengthen the text):
It is worth considering more closely some of the vulnerabilities seen on one or another OS. The CVE Details portal scores each of them. The number of points depends on the level of damage and mass distribution. The maximum indicator is 10 points. It is about such vulnerabilities (if they exist and if they are unique) that will be discussed further. In order for this article not to become Lenin’s five-volume, we will focus only on three vulnerabilities from the list, which may contain hundreds.

Regarding the data structure in the tables (since this was already written in the previous part, we will hide everything under the spoiler so as not to lengthen the text):
Description of the tables

In the tables of each of the types of vulnerabilities, certain additional parameters are indicated for a particular vulnerability. More about them.

Impact level

1) confidentiality :

  • Full - the vulnerability allows attackers to access all information on the device;
  • Partial - significant disclosure;
  • None - privacy is not violated;

2) integrity :

  • Full - the integrity of the system is completely compromised, the complete loss of system protection;
  • Partial - modification of some system files or information is possible, but the attacker has no control over what can be changed;
  • None - no impact on the integrity of the system;


3) availability :

  • Full - the vulnerability allows an attacker to completely block access to the resource;
  • Partial - performance degradation or intermittent availability of resources;
  • None - no impact on system availability;

Difficulty of access

  • Low - no special conditions for access are required, as well as no specific knowledge or skills are required;
  • Medium - some conditions must be met to gain access;
  • High - special access conditions limiting the exploit;

Authentication

  • Not required - authentication is not required for the exploit of the vulnerability;
  • Single system - the vulnerability requires the hacker to be logged into the system (for example, via the command line, desktop mode or via the web interface).


1. Windows Rt 8.1





Windows Rt 8.1 is the operating system of the Windows NT family, released October 26, 2012.



DoS

Total vulnerabilities - 36. 10 points scored - 0.

Vulnerability # 1 (9.3)

The usp10.dll in Uniscribe made it possible to add an entry to the EMF + font file, which made it possible to execute the code or result in DoS.

Vulnerability # 2 (9.3)

MSXML 3.0 allowed to create DoS through the created XML content.

Vulnerability # 3 (9.3)

The atmfd.dll in the Adobe Type Manager library allowed a remote attacker to arrange DoS through the font he created with OpenType.


Table of vulnerabilities category "DoS" in the OS Windows Rt 8.1

Bypassing something

53 vulnerabilities in all. 0 scored 10 points.

Vulnerability # 1 (9.3)

The OS allowed attackers to bypass the application sandbox security protocols and perform actions in the registry through the application created.

Vulnerability # 2 (9.3)

The OS allowed attackers to bypass the application sandbox security protocols and perform actions on the file system through the application created.

Vulnerability # 3 (7.6)

The OS could not correctly restrict the exchange of keyboard and mouse data between programs at different levels of integrity, which allowed the attacker to bypass access restrictions by gaining control over the low-level process to launch the on-screen keyboard, and then download the created application.


Vulnerability Table "Crawl" category in Windows Rt 8.1

Code execution

126 vulnerabilities in all. 10 points - 5.

Vulnerability # 1

The OS allowed the hacker to gain control of the system when Windows Search did not cope with the processing of memory objects.

Vulnerability # 2

The OS allowed the hacker to gain control of the system when Windows Search did not cope with the processing of memory objects.

Vulnerability # 3

OS allowed to execute arbitrary code remotely, because it could not process DNS responses.


Code Execution Vulnerability Table in Windows Rt 8.1

Memory damage

Total - 21 vulnerability. 10 points - 0.

Vulnerability # 1 (9.3)

The Imaging component allowed a remote hacker to execute code through the created document.

Vulnerability # 2 (9.3)

Animation Manager allowed a remote hacker to execute code through the created website.

Vulnerability # 3 (9.3)

The Media Foundation allowed the remote hacker to execute code through the website created.


Table of vulnerabilities of the category "memory corruption" in the OS Windows Rt 8.1

Access to the information

A total of 108 vulnerabilities detected. 10 points - 0.

Vulnerability # 1 (7.2)

Kernel-mode drivers could give an authenticated attacker the opportunity to execute an application created by him for information or even DoS.

Vulnerability # 2 (6.6)

win32k.sys in the kernel mode drivers made it possible for local users to acquire information from the kernel memory through the application created.

Vulnerability # 3 (5.8)

SChannel could not guarantee that the certificate of the X.509 server during the renewal is the same as before the renewal, which made it possible to obtain information or modify the TLS data through a "triple handshake attack".


Vulnerability table of the category "Access to Information" in Windows OS Rt 8.1

Privilege increase

Total - 155. 10 points scored 2.

Vulnerability # 1 (10)

OS kernel mode drivers allowed a local user to obtain privileges through the application created.

Vulnerability # 2 (10)

The Graphics component in the OS kernel allowed local users to get privileges through the application created.

Vulnerability # 3 (9.3)

Traversing the directory in the TSWbPrxy component of the OS made it possible to obtain privileges through the path created in the executable file.


Vulnerability table of the “Privilege Increase” category in Windows Rt 8.1

Overflow

Total - 48. 10 points - 0.

Vulnerability # 1 (9.3)

The Uniscribe component, when an attempt to correctly process memory objects failed, resulted in the possibility of executing code.

Vulnerability # 2 (9.3)

The JET Database Engine gave control over the system, since it was processing memory objects.

Vulnerability # 3 (9.3)

The JET Database Engine gave control over the system, since it was processing memory objects.


Table of vulnerabilities category "Overflow" in OS Windows Rt 8.1

As in the previous version of Windows - the 8th, there is the same trend. A greater number of vulnerabilities relate to increased privileges, which leads to the possibility of activating remotely malicious software, which, in turn, can exploit other vulnerabilities and lead to various kinds of consequences.

2. Debian Linux



Debian Linux is an operating system first released on August 16, 1993. One of the most popular incarnations of Linux, Debian is suitable for use on both workstations and servers.

Funny fact: all working versions of the OS are named after the characters of the animated film “Toy Story”. But the unstable version is called Sid (that was the name of the boy in the same cartoon that mocked the toys).



DoS

Total - 500 vulnerabilities. However, among such a large number, only 16 scored 10 points.

Vulnerability # 1

The xmlNextChar function in libxml2 allowed using a generated XML document to organize DoS by a remote hacker.

Vulnerability # 2

A buffer overflow in the heap of the encode_msg function in encode_msg.c in the SEAS Kamailio module allowed a remote attacker to arrange a DoS or execute code through a large SIP packet.

Vulnerability # 3

A number of unidentified vulnerabilities in Mozilla Firefox browser up to version 46.0 and Firefox ESR 45.x up to version 45.1 allowed a remote attacker to organize DoS through an undefined vector.


Table of vulnerabilities category "DoS" in the OS Debian Linux

Bypassing something

Of the 67 vulnerabilities, only 4 scored 10 points.

Vulnerability # 1

Gallery version 1.4.3 and later allowed you to bypass authentication and get Gallery administrator privileges.

Vulnerability # 2

Google Chrome, older than 48.0.2564.116, allowed you to bypass the rule of restricting the Blink domain and bypass the sandbox security protocols through an unspecified vector.

Vulnerability # 3

The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth allowed context-sensitive hackers to bypass authentication or obtain privileges through the user's system account.


Vulnerability Table "Crawl" category on Debian Linux OS

Code execution

Total - 200. 10 points - 25.

Vulnerability # 1

A number of unidentified vulnerabilities in Mozilla Firefox browser up to version 46.0 and Firefox ESR 45.x up to version 45.1 allowed a remote attacker to organize DoS through an undefined vector.

Vulnerability # 2

The OpenBlob function in blob.c in GraphicsMagick prior to version 1.3.24 and ImageMagick allowed an attacker to execute arbitrary code by using the “|” symbol at the beginning of the file name.

Vulnerability # 3

The use-after-free vulnerability in __sys_recvmmsg in net / socket.c in the Linux kernel up to version 4.5.2 allowed a remote attacker to execute arbitrary code through vectors due to the use of an improper recvmmsg system call during error handling.


Code Execution Vulnerability Table on Debian Linux OS

Memory damage

Total - 37 vulnerabilities. Of these, 10 points scored 4.

Vulnerability # 1

A number of unidentified vulnerabilities in Mozilla Firefox browser up to version 46.0 and Firefox ESR 45.x up to version 45.1 allowed a remote attacker to organize DoS through an undefined vector.

Vulnerability # 2

A buffer overflow in the heap of the encode_msg function in encode_msg.c in the SEAS Kamailio module allowed a remote attacker to arrange a DoS or execute code through a large SIP packet.

Vulnerability # 3

A number of unidentified vulnerabilities in Mozilla Firefox browser up to version 46.0 and Firefox ESR 45.x up to version 45.1 allowed a remote attacker to organize DoS through an undefined vector.


Table of vulnerabilities of the category "memory corruption" in the OS Debian Linux

Access to the information

Total - 77. 10 points - 0 vulnerabilities.

Vulnerability # 1 (9.0)

The oarsh script in OAR up to version 2.5.7 allowed the remote authenticated cluster user to get valuable information and get privileges through vectors that include the OpenSSH options.

Vulnerability # 2 (7.5)

The htmlParseComment function in HTMLparser.c in libxml2 allowed access to information through an unclosed HTML comment.

Vulnerability # 3 (7.2)

x86 Xen emulation from 3.2.x to version 4.5.x incorrectly ignored redefinition of segments for instructions with register operands , which allowed the local guest user to get information through an unspecified vector.

The operand is the argument of the operation.


Vulnerability table of the Access to Information category on the Debian Linux OS

Privilege increase

Total detected 41 vulnerabilities. 10 points scored 2 of them.

Vulnerability # 1 (10)

The rpc.statd in the nfs-utils package on various Linux distributions did not include strings with an unreliable format, which made it possible to obtain privileges remotely.

Vulnerability # 2 (10)

The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth allowed context-sensitive hackers to bypass authentication or obtain privileges through the user's system account.

Vulnerability # 3 (9.0)

PostgreSQL incorrectly restricted access for unspecified user configuration settings for PL / Java, which allowed an attacker to obtain privileges through an unspecified vector.


Vulnerability privilege elevation table in Debian Linux OS

Overflow

Total - 294. 10 points - 25.

Vulnerability # 1

A software overflow in the PointGFp constructor in Botan allowed a remote attacker to rewrite the memory and execute arbitrary code through the point created by ECC , which caused a heap overflow.

ECC - error-correcting code.

Vulnerability # 2

A buffer overflow in the heap of the encode_msg function in encode_msg.c in the SEAS Kamailio module allowed a remote attacker to arrange a DoS or execute code through a large SIP packet.

Vulnerability # 3

A number of unidentified vulnerabilities in Mozilla Firefox browser up to version 46.0 and Firefox ESR 45.x up to version 45.1 allowed a remote attacker to organize DoS through an undefined vector.


Table of vulnerabilities category "Overflow" in the OS Debian Linux

Despite the rather large number of vulnerabilities, especially in the DoS category, the level of their exploit and corresponding consequences is not so great. Due to its specific architecture, the Debian Linux OS can withstand most malicious attacks, which makes it extremely popular among companies that value their data. Even NASA uses this OS on astronaut workstations on the ISS.

3. Fedora



Fedora is the distribution of the GNU / Linux operating system, first released on November 6, 2003. This distribution is fully supported by the community, that is, those who use it and those who develop software for it. Fedora is a kind of sandbox for developers, as the software consists of free software, i.e. one that can be used indefinitely and even changed by the user.



DoS

Of the 205 vulnerabilities, 10 scored the maximum score.

Vulnerability # 1

Software overflow in the RTPReceiverVideo :: ParseRtpPacket function in Mozilla Firefox up to version 43.0 and in Firefox ESR 38.x up to version 38.5 allowed the hacker to get information, organize DoS through activating the WebRTC RTP package.

Vulnerability # 2

The buffer overflow in the XDRBuffer :: grow function in js / src / vm / Xdr.cpp in Mozilla Firefox prior to version 43.0 made it possible to arrange DoS through the generated JavaScript code.

Vulnerability # 3

The buffer overflow in the nsDeque :: GrowCapacity function in xpcom / glue / nsDeque.cpp in Mozilla Firefox prior to version 43.0 made it possible to arrange DoS through changing the size of the deck .

December - deque is the abbreviated phrase "double-ended-queue", which, in translation from English, means two-way queue. Container Dec is very similar to container - Vector, as well as Vectors, Decks are dynamic arrays.


The DoS category vulnerability table on Fedora

Bypassing something

Not one vulnerability out of 25 did not score 10 points.

Vulnerability # 1 (9.3)

OpenOffice.org (versions: 2.x, 3.0 to 3.2.1) allowed you to bypass Python macro security restrictions and execute Python code through the generated ODT file.

Vulnerability # 2 (9.3)

The scm plugin in mock allowed to bypass the chroot protection mechanisms and get root privileges through the created spec file.

Vulnerability # 3 (7.5)

ganglia-web up to version 3.7.1 allowed to bypass authentication.


Vulnerability Table "Crawl" category in Fedora OS

Code execution

Total - 84. 10 points - 6.

Vulnerability # 1

The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot prior to version 3.2.22 allowed the command to be executed via the metacharacters in the file name.

Vulnerability # 2

Software overflow in the RTPReceiverVideo :: ParseRtpPacket function in Mozilla Firefox up to version 43.0 and in Firefox ESR 38.x up to version 38.5 allowed the hacker to get information, organize DoS through activating the WebRTC RTP package.

Vulnerability # 3

A number of unknown vulnerabilities in Mozilla Firefox browser up to version 43.0 allowed a remote attacker to execute arbitrary code via an uninstall vector.


Code Execution Vulnerability Table in Fedora

Memory damage

Total - 12. 10 points - 4.

Vulnerability # 1

The mozilla :: dom :: OscillatorNodeEngine :: ComputeCustom function in the Web Audio subsystem in Mozilla Firefox prior to version 29.0 and SeaMonkey up to version 2.26 allowed remote attackers to execute arbitrary code or arrange DoS through the created content.

Vulnerability # 2

Many unknown vulnerabilities in Mozilla Firefox browser up to version 43.0 and Firefox ESR 38.x up to version 38.5 allowed attackers to arrange DoS, damage memory and execute arbitrary code.

Vulnerability # 3

A number of unknown vulnerabilities in Mozilla Firefox browser up to version 43.0 allowed a remote attacker to execute arbitrary code via an undefined vector.


Memory Corruption Vulnerability Table for Fedora

Access to the information

Of the 53 vulnerabilities, only one scored 10 points.

Vulnerability # 1 (10)

Software overflow in the RTPReceiverVideo :: ParseRtpPacket function in Mozilla Firefox up to version 43.0 and Firefox ESR 38.x up to version 38.5 allowed remote attackers to obtain information, arrange DoS through the activation of the created WebRTC RTP package.

Vulnerability # 2 (7.2)

x86 Xen emulation from 3.2.x to version 4.5.x incorrectly ignored redefinition of segments for instructions with register operands, which allowed the local guest user to get information through an unspecified vector.

Vulnerability # 3 (6.9)

Multiple software overflows in Grub2 1.98-2.02 allowed to bypass authentication, get information, or arrange DoS through a space in the grub_username_get function in grub-core / normal / auth.c or the grub_password_get function in lib / crypto.c, which caused errors in the memory “Off” -by-two and out of bounds overwrite.


The Access to Information Vulnerability Table on Fedora

Privilege increase

Of the 20 vulnerabilities, only one scored 10 points.

Vulnerability # 1 (10)

libuv prior to version 0.10.34 incorrectly handled group privileges, which allowed the attacker to obtain privileges through an unspecified vector.

Vulnerability # 2 (9.3)

The scm plugin in mock allowed to bypass the chroot protection mechanisms and get root privileges through the created spec file.

Vulnerability # 3 (7.5)

The XGetImage function in X.org libX11 up to version 1.6.4 allowed remote X servers to obtain privileges through vectors including the image type and geometry, which caused an out-of-bounds read operation.


Privilege Increase Vulnerability Table in Fedora OS

Overflow

8 vulnerabilities out of 123 scored 10 points.

Vulnerability # 1

The buffer overflow in the DirectWriteFontInfo :: LoadFontFamilyData function in gfx / thebes / gfxDWriteFontList.cpp in Mozilla Firefox prior to version 43.0 allowed crackers to arrange DoS and have other types of implementations through the font name.

Vulnerability # 2

The buffer overflow in the XDRBuffer :: grow function in js / src / vm / Xdr.cpp in Mozilla Firefox prior to version 43.0 allowed the remote attacker to arrange DoS through the generated JavaScript code.

Vulnerability # 3

The buffer overflow in the nsDeque :: GrowCapacity function in xpcom / glue / nsDeque.cpp in Mozilla Firefox browser prior to version 43.0 allowed the remote attacker to arrange DoS by activating the resize of the deck.


Overflow Vulnerability Table in Fedora

Despite the fact that Fedora has been around for almost 15 years, the total number of vulnerabilities recorded is relatively small. It can be argued that this is due to the use of open source software. Since the users themselves improve it. The more people working on the software, the more chances he has to avoid some bugs and holes. As they say, one head is good, but two is better.

4. Ubuntu Linux




Ubuntu Linux is an operating system based on Debian GNU / Linux. The first appearance is October 20, 2004. The estimated number of users is about 20 million. Another OS with free software. Extremely popular. It is used both in the French government, and as the main OS on Google’s workstations, and as a database server for the Wikipedia project, etc.



DoS

Of the 441 vulnerabilities, only 12 scored 10 points.

Vulnerability # 1

A number of unidentified vulnerabilities in Google Chrome prior to version 50.0.2661.75 resulted in DoS via an unidentified vector.

Vulnerability # 2

The xmlNextChar function in libxml2 up to version 2.9.4 allowed the remote attacker to arrange DoS through the generated XML document.

Vulnerability # 3

The usbip_recv_xbuff function in drivers / usb / usbip / usbip_common.c in the Linux kernel before version 4.5.3 allowed the remote attacker to arrange DoS through the created value in the USB / IP package.


Table of vulnerabilities category "DoS" in OS Ubuntu Linux

Bypassing something

Of the 70 vulnerabilities, no one was awarded 10 points.

Vulnerability # 1 (9.3)

OpenOffice.org (versions: 2.x, 3.0 to 3.2.1) allowed you to bypass Python macro security restrictions and execute Python code through the generated ODT file.

Vulnerability # 2 (9.0)

The openvswitch-agent process in OpenStack Neutron from 2013.1 to 2013.2.4 and from 2014.1 to 2014.1.1 allowed the remote authenticated user to bypass the security protocols through the wrong CIDR in the group security rule, which prevented the activation of other rules.

Vulnerability # 3 (7.5)

The nbd-server in Network Block Device (nbd) up to version 3.5 incorrectly checked IP addresses, which could allow a remote attacker to bypass the established access restrictions via an IP address which partially coincides in the authfile configuration file.


Vulnerability Table "Crawl" category on Ubuntu Linux

Code execution

18 vulnerabilities out of 152 scored 10 points.

Vulnerability # 1

EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN and PLT coders in ImageMagick up to version 6.9.3-10 and 7.x up to version 7.0.1-1 allowed the remote hacker to execute code through the metacharacters shell in the created image.

Vulnerability # 2

The OpenBlob function in blob.c in GraphicsMagick prior to version 1.3.24 and ImageMagick allowed a remote attacker to execute arbitrary code through the “|” symbol at the beginning of the file name.

Vulnerability # 3

The use-after-free vulnerability in the __sys_recvmmsg function in net / socket.c in the Linux kernel version 4.5.2 allowed a remote attacker to execute arbitrary code through vectors due to the use of an improper system call recvmmsg during error handling.


Code Execution Vulnerability Table in Ubuntu Linux OS

Memory damage

10 points out of 41 vulnerabilities scored only 6.

Vulnerability # 1

Many unknown vulnerabilities in Mozilla Firefox browser up to version 39.0, Firefox ESR 31.x up to 31.8 and from 38.x up to 38.1, as well as Thunderbird up to version 38.1 allowed the remote hacker to damage the memory through an unspecified vector.

Vulnerability # 2

A number of unidentified vulnerabilities in Mozilla Firefox browser up to version 40.0 and Firefox ESR from 38.x to 38.2 made it possible for a remote attacker to cause memory damage and application crashes through an unspecified vector.

Vulnerability # 3

A number of unidentified vulnerabilities in Mozilla Firefox browser up to version 40.0 made it possible for a remote attacker to cause memory damage through an unidentified vector.


Table of vulnerabilities of the category "memory corruption" in the OS Ubuntu Linux

Access to information

None of the 86 vulnerabilities scored 10 points.

Vulnerability # 1 (8.5)

The OZWPAN driver in the Linux kernel up to version 4.0.5 relied on the unchecked field length value during packet parsing, which allowed the remote attacker to obtain information from the kernel memory or to organize DoS through the created package.

Vulnerability # 2 (7.2)

The __switch_to function in arch / x86 / kernel / process_64.c in the Linux kernel incorrectly switched the context of IOPL 64-bit PV Xen guests, which allowed the local guest user to get privileges, arrange DoS or get information using access to the port I / o.

Vulnerability # 3 (7.2)

get_rock_ridge_filename fs/isofs/rock.c Linux 4.5.5 NM, «\0», isofs.


« » Ubuntu Linux



44 , 10 .

№1 (9.0)

PostgreSQL PL/Jav, .

№2 (7.6)

openstack-neutron 2013.2.3-7 rootwrap, .

№3 (7.5)

click/install.py click tarballs ./, .


« » Ubuntu Linux



— 223 . 10 — 14 .

№1

Unknown vulnerability in Oracle Java SE (6u105, 7u91, 8u66); Java SE Embedded 8u65; JRockit R28.3.8 allowed a remote attacker to affect the confidentiality, integrity and availability of the system through a vector including AWT. NOTE: Oracle did not confirm the words of third parties that it was a software buffer overflow in the readImage function, which allowed the remote attacker to execute code through the created image data.

Vulnerability # 2

The xmlNextChar function in libxml2 up to version 2.9.4 allowed a remote attacker to create a buffer overflow through the generated XML document.

Vulnerability # 3

The usbip_recv_xbuff function in drivers / usb / usbip / usbip_common.c in the Linux kernel version 4.5.3 allowed the remote attacker to cause a buffer overflow through the generated length value in the USB / IP package.


Table of vulnerabilities of the category "Overflow" in OS Ubuntu Linux

Most of all vulnerabilities are fixed in the category "DoS" (441), however the critical is extremely small. As for the other categories, among them the number of top-level vulnerabilities also does not cause concern. Resistance to external malicious effects of the system and the insignificance of the consequences of the exploit of vulnerabilities are one of the decisive factors in choosing this OS.

5. WatchOS




WatchOS - a special operating system for Apple Watch, was released on April 24, 2015. The OS is not for the PC, not for the server, but for the wristwatch. But this is still an operating system, and it, like the others, has its drawbacks.



DoS

Of the 181 vulnerabilities, 9 pieces scored 10 points.

Vulnerability # 1

Vulnerability was detected in watchOS prior to version 4. The basis is the “Wi-Fi” component, which allowed the remote attacker to execute code in a privileged context or to set up DoS through the created Wi-Fi traffic.

Vulnerability # 2

The xmlNextChar function in libxml2 up to version 2.9.4 allowed the remote attacker to arrange DoS through the created XML document.

Vulnerability # 3

The LaunchServices component allowed an attacker to execute arbitrary code or organize DoS (memory corruption) through a modified plist.


Table of vulnerabilities in the DoS category in WatchOS OS.

Bypassing something

10 vulnerabilities, of which there are no those that scored 10 points.

Total - 16. 10 points - 0.

Vulnerability # 1 (9.3)

The kernel in watchOS prior to version 2.2 incorrectly restricted the execution permission, which allowed the hacker to bypass the code signature protection mechanism through the created application.

Vulnerability # 2 (7.2)

Implementing the processor_set_tasks API in the OS allowed a local user to bypass the rights protection mechanism and gain access to the task ports of the executable process through the use of root privileges.

Vulnerability # 3 (6.8)

AppSandbox watchOS 2.1 , Contacts .


« -» WatchOS



7 137 10 .

№1

libxml2 watchOS 3 DoS XML .

№2

LaunchServices watchOS 2.1 DoS plist .

plist — , .

№3 (9.3)

IOKit in the OS kernel allowed the hacker to execute code in a privileged context or to arrange DoS through the application created.


Table Execution Code Vulnerability Table on WatchOS

Memory corruption

8 vulnerabilities out of 120 scored 10 points.

Vulnerability # 1 (9.3)

IOHIDFamily allowed a cracker to execute code in a privileged context or to set up a DoS through the application created.

Vulnerability # 2 (9.3)

dyld in Dev Tools allowed a cracker to execute code in a privileged context or arrange DoS through the application created.

Vulnerability # 3 (9.3)

WebKit allowed a cracker to execute code or set up a DoS through the created website.


Table of vulnerabilities in the category "memory corruption" in OS WatchOS



33 , 10 .

№1 (6.8)

libxml2 DoS XML .

№2 (5.8)

xmlSAX2TextNode SAX2.c push- HTML libxml2 2.9.3 DoS XML .

№3 (5.8)

IOAcceleratorFamily watchOS 3 DoS -.


« » WatchOS



1 21 10 .

№1 (10)

DoS .

№2 (7.2)

IOMobileFrameBuffer DOS .

№3 (7.2)

Disk Images DoS .


« » WatchOS



10 154 10 .

№1 (9.3)

GasGauge DoS .

№2 (9.3)

FontParser watchOS 2.2 DoS PDF .

№3 (9.3)

TrueTypeScaler watchOS 2.2 DoS .


«» WatchOS

Apple, , . , , WatchOS . . .

, , , . , . , , Windows Vista , . .

As advertising. These are not just virtual servers! This is a VPS (KVM) with dedicated drives, which can be no worse than dedicated servers, and in most cases - better! We made VPS (KVM) with dedicated drives in the Netherlands and the USA (configurations from VPS (KVM) - E5-2650v4 (6 Cores) / 10GB DDR4 / 240GB SSD or 4TB HDD / 1Gbps 10TB available at a uniquely low price - from $ 29 / month , options are available with RAID1 and RAID10) , do not miss the chance to place an order for a new type of virtual server, where all resources belong to you, as on a dedicated one, and the price is much lower, with a much more productive hardware!

How to build the infrastructure of the building. class c using servers Dell R730xd E5-2650 v4 worth 9000 euros for a penny? Dell R730xd 2 times cheaper? Only we have 2 x Intel Dodeca-Core Xeon E5-2650v4 128GB DDR4 6x480GB SSD 1Gbps 100 TV from $ 249 in the Netherlands and the USA!

Source: https://habr.com/ru/post/408199/

More articles:


All Articles