Friday, July 23, 2010

exploid works on the Droid X

It has been reported that apparently someone was
able to compile and run the exploid on the oh
so unbreakable Droid X.
There seem to be devices with missing /etc/firmware which
is needed as an exploit vector. However, there are other
possibilities to exploit this init-bug. But it's not the
scope of 743C to provide working versions for every device.
Please note that this is a non-commercial spare-time project
and I do not even own any device for testing.

If the firmware subsystem doesn't work (it requires /etc/firmware
so an additional path traversal bug can be exploited too),
one may also try the usb, graphics, block, char, sound or mtd
subsystem to create mode 0666 devices or to exploit
a race condition during the device-creat
to chown /dev/mtd. It should be
possible, however I don't have time to do so :)
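
A defender-side check for the outcome described above, as an added example (not from the original post or the exploid code): it parses a saved `ls -l` listing of /dev and flags world-writable device nodes and mtd nodes not owned by root. The allowlist, the function names and the sample listing are constructed assumptions.

```python
# Assumption: nodes that are world-writable by design on most Linux/Android systems.
EXPECTED_WORLD_WRITABLE = {"null", "zero", "full", "random", "urandom", "tty", "ptmx"}

# Constructed sample listing (not captured from a real device).
SAMPLE = """\
crw-rw-rw- root     root       1,   3 2010-07-23 10:00 null
crw-rw-rw- root     root       1,   9 2010-07-23 10:00 urandom
crw------- root     root      90,   0 2010-07-23 10:00 mtd0
crw-rw-rw- root     root      90,   2 2010-07-23 10:01 mtd1
crw------- shell    shell     90,   4 2010-07-23 10:01 mtd2
brw-rw-rw- 1 root root 7, 0 2010-07-23 10:01 loop0
drwxr-xr-x root     root              2010-07-23 10:00 socket
"""


def parse_ls_line(line):
    """Return (mode, owner, name) for a char/block device line, else None."""
    fields = line.split()
    if len(fields) < 4 or len(fields[0]) < 10 or fields[0][0] not in "cb":
        return None
    # Some ls variants print a link count after the mode, others do not.
    owner = fields[2] if fields[1].isdigit() else fields[1]
    return fields[0], owner, fields[-1]


def audit(listing):
    """Return (name, reason) findings for suspicious device nodes."""
    findings = []
    for line in listing.splitlines():
        parsed = parse_ls_line(line)
        if parsed is None:
            continue
        mode, owner, name = parsed
        # mode[8] is the "other write" bit, e.g. crw-rw-rw-
        if mode[8] == "w" and name not in EXPECTED_WORLD_WRITABLE:
            findings.append((name, "world-writable device node"))
        if name.startswith("mtd") and owner != "root":
            findings.append((name, "mtd node not owned by root (owner=%s)" % owner))
    return findings


if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print("%-8s %s" % (name, reason))
```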
