Re: Exploit code for PalmOS

[ofriedrichs () SECURITYFOCUS COM (Oliver Friedrichs)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What about exploiting a buffer overflow in web clipping, or in it's
email client, or any other information the palm receives.  Seems
logical to me..  almost every other client on any other platform has
been vulnerable to something like this.  Obviously you wont get a
shell, but if you can execute arbitrary code, you have a number of
other things you can achieve.  i.e. mail all of the users sensitive
info to an email address.

Not that I condone this sort of thing, but it's as vulnerable as
anything else.

> -----Original Message-----
> From: Darren Moffat - Solaris Sustaining Engineering
> [mailto:Darren.Moffat () UK SUN COM]
> Sent: Thursday, June 15, 2000 3:44 AM
> To: VULN-DEV () SECURITYFOCUS COM
> Subject: Re: Exploit code for PalmOS
>
>
> > Does anyone here has exploit code (or shell code) for Palm
> OS? We're looking
>
> There isn't a shell in PalmOS so where do you want to get to ?
>
> There also isn't the concept of different user privelge levels.
>
> > to develop a proof of concept exploit.
> > If there's anybody on this list that have something like
> that (or think they
> > are able to develop something like that) please drop me a note.
>
> What would you be wanting to exploit ?  There is no security
> mechanisms
> under PalmOS.  If you have access to the device you can do
> what you like
> to it.  The only protection is using 3rd party encryption software
> to protect data but this doesn't help you protect anything in the
> builtin applications.
>
> You could write virus software of PalmOS but I'm not sure
> about exploting
> stuff.
>
> --
> Darren J Moffat

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOUlk0sm4FXxxREdXEQIjXgCg9L/TRk8ikYMVtInRaeICIz9beZoAniYt
GDz+/RZs00l6t8+hdfifdSHw
=qHhO
-----END PGP SIGNATURE-----