This is an archived web site made available for research purposes. The web site is no longer maintained.

ForAllSecure targetted CSDS running CROMU_00095 in round 18.


Type 1 POV

eip:0xbb5fe9ab - ebx:0x17b898d6


Execution control corruption via return (return to: 0xbaaaaf58).

Tracing data from eip: 0x8054c11 tracing source of memory: 0xbaaaaf58 (value: 0xbaaaaf5c)

0x8054c0d : receive syscall (return)
0x8054c11: ret // address: 0xbaaaaf58 value: 0xbaaaaf5c

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaaf5c tracing source of memory: 0xbaaaaf5c (value: 0xb898d6bb)

0x8054c0d : receive syscall (return)
0xbaaaaf5c: mov ebx,0x17b898d6 // address: 0xbaaaaf5c value: 0xb898d6bb

Negotiated general register: ebx:0x17b898d6

Tracing data from eip: 0xbaaaaf66 tracing source of register: ebx (value: 0x17b898d6)

0xbaaaaf5c : mov ebx,0x17b898d6
0xbaaaaf66: jmp eax // address: ebx value: 0x17b898d6

Curated by Lunge Technology, LLC. Questions or comments? Send us email