Vulnerability Development mailing list archives
Re: Exploit code for PalmOS
From: ofriedrichs () SECURITYFOCUS COM (Oliver Friedrichs)
Date: Thu, 15 Jun 2000 16:31:02 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What about exploiting a buffer overflow in web clipping, or in it's email client, or any other information the palm receives. Seems logical to me.. almost every other client on any other platform has been vulnerable to something like this. Obviously you wont get a shell, but if you can execute arbitrary code, you have a number of other things you can achieve. i.e. mail all of the users sensitive info to an email address. Not that I condone this sort of thing, but it's as vulnerable as anything else.
-----Original Message----- From: Darren Moffat - Solaris Sustaining Engineering [mailto:Darren.Moffat () UK SUN COM] Sent: Thursday, June 15, 2000 3:44 AM To: VULN-DEV () SECURITYFOCUS COM Subject: Re: Exploit code for PalmOSDoes anyone here has exploit code (or shell code) for PalmOS? We're looking There isn't a shell in PalmOS so where do you want to get to ? There also isn't the concept of different user privelge levels.to develop a proof of concept exploit. If there's anybody on this list that have something likethat (or think theyare able to develop something like that) please drop me a note.What would you be wanting to exploit ? There is no security mechanisms under PalmOS. If you have access to the device you can do what you like to it. The only protection is using 3rd party encryption software to protect data but this doesn't help you protect anything in the builtin applications. You could write virus software of PalmOS but I'm not sure about exploting stuff. -- Darren J Moffat
-----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com> iQA/AwUBOUlk0sm4FXxxREdXEQIjXgCg9L/TRk8ikYMVtInRaeICIz9beZoAniYt GDz+/RZs00l6t8+hdfifdSHw =qHhO -----END PGP SIGNATURE-----
Current thread:
- Re: Exploit code for PalmOS Darren Moffat - Solaris Sustaining Engineering (Jun 15)
- Re: Exploit code for PalmOS Eddie (Jun 15)
- Re: Exploit code for PalmOS Philip Rowlands (Jun 15)
- Re: Exploit code for PalmOS Aviram Jenik (Jun 15)
- <Possible follow-ups>
- Re: Exploit code for PalmOS Oliver Friedrichs (Jun 15)
- Re: Exploit code for PalmOS Greg Swallow (Jun 16)
- Re: Exploit code for PalmOS Crispin Cowan (Jun 16)
- Re: Exploit code for PalmOS Blue Boar (Jun 17)