Full Disclosure mailing list archives
[CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough
From: Kurtis <kurtis () fidusinfosec com>
Date: Wed, 10 Jan 2018 13:42:09 +0000
** Advisory Information Title: [CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough Blog URL: https://www.fidusinfosec.com/tp-link-remote-code-execution-cve-2017-13772/ Vendor: Jungo Date Published: 10/01/2017 CVE: CVE-2018-5189 ** Vulnerability Summary Leveraging a race condition/double fetch to trigger a pool overflow within the Jungo Windriver allowing a local privilage escalation to SYSTEM. ** Vendor Response Jungo have released a new version of the driver thus mitigating exploitation of this issue. ** Report Timeline Disclosed to vendor – 23/12/2017 Response from vendor, request for initial advisory – 24/12/2017 Initial advisory sent – 29/12/2017 Beta patch sent for testing by vendor – 01/01/2018 Patch confirmed to mitigate vulnerabilities – 01/01/2017 Patch released – 10/01/2017 ** Credit This vulnerability was discovered by Tim Carrington @__invictus_, part of the Fidus Information Security research team. ** References https://www.fidusinfosec.com/tp-link-remote-code-execution-cve-2017-13772/ ** Disclaimer This advisory is licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/ _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- [CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough Kurtis (Jan 11)