Vulnerability Development mailing list archives
Re: Exploit code for PalmOS
From: aviram () BEYONDSECURITY COM (Aviram Jenik)
Date: Thu, 15 Jun 2000 20:44:34 +0300
Hi.
There isn't a shell in PalmOS so where do you want to get to ? There also isn't the concept of different user privelge levels
Let me explain myself. A typical exploit involves abusing a certain vulnerability (for example, a buffer overflow condition that enables me to smash the local stack, change the IP/EIP, etc) and a 'shell code' which is pure machine code that executed. I'm looking for the second - a Palm OS 'shell code'. We don't have a specific vulnerability for the Palm, but it's very likely such vulnerabilities exist and are possible to exploit - after all, Palm OS has a stack, and it receives user input (read: buffers can be overflowed). However, assuming we find a buggy Palm applet, we still need a usable code that we can 'plant' (with minor changes) in such a future exploit. The code can be anything - it will only be used to prove the concept. Before developing something like this ourselves (and plunging into this aweful Motorola assembly) I would like to know if anyone here already did that or can do that easily. Anyone who's interested in this or think they can help, please let me know. Regards, Aviram Jenik Beyond Security Ltd. http://www.BeyondSecurity.com http://www.SecuriTeam.com
Current thread:
- Re: Exploit code for PalmOS Darren Moffat - Solaris Sustaining Engineering (Jun 15)
- Re: Exploit code for PalmOS Eddie (Jun 15)
- Re: Exploit code for PalmOS Philip Rowlands (Jun 15)
- Re: Exploit code for PalmOS Aviram Jenik (Jun 15)
- <Possible follow-ups>
- Re: Exploit code for PalmOS Oliver Friedrichs (Jun 15)
- Re: Exploit code for PalmOS Greg Swallow (Jun 16)
- Re: Exploit code for PalmOS Crispin Cowan (Jun 16)
- Re: Exploit code for PalmOS Blue Boar (Jun 17)