ForAllSecure targeted CSDS running CROMU_00095 in round 20.


Type 1 POV

eip:0xbef4d363 - ebx:0xaabec6a3


Execution control corruption via return (return to: 0xbaaaaf58).

Tracing data from eip: 0x8054c11 tracing source of memory: 0xbaaaaf58 (value: 0xbaaaaf5c)

0x8054c0d : receive syscall (return)
0x8054c11: ret // address: 0xbaaaaf58 value: 0xbaaaaf5c

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaaf5c tracing source of memory: 0xbaaaaf5c (value: 0xbec6a3bb)

0x8054c0d : receive syscall (return)
0xbaaaaf5c: mov ebx,0xaabec6a3 // address: 0xbaaaaf5c value: 0xbec6a3bb

Negotiated general register: ebx:0xaabec6a3

Tracing data from eip: 0xbaaaaf66 tracing source of register: ebx (value: 0xaabec6a3)

0xbaaaaf5c : mov ebx,0xaabec6a3
0xbaaaaf66: jmp eax // address: ebx value: 0xaabec6a3

Curated by Lunge Technology, LLC.