This is an archived web site made available for research purposes. The web site is no longer maintained.

ForAllSecure targetted CSDS running CROMU_00095 in round 19.


Type 1 POV

eip:0x51162b10 - ebx:0xd3ced626


Execution control corruption via return (return to: 0xbaaaaf58).

Tracing data from eip: 0x8054c11 tracing source of memory: 0xbaaaaf58 (value: 0xbaaaaf5c)

0x8054c0d : receive syscall (return)
0x8054c11: ret // address: 0xbaaaaf58 value: 0xbaaaaf5c

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaaf5c tracing source of memory: 0xbaaaaf5c (value: 0xced626bb)

0x8054c0d : receive syscall (return)
0xbaaaaf5c: mov ebx,0xd3ced626 // address: 0xbaaaaf5c value: 0xced626bb

Negotiated general register: ebx:0xd3ced626

Tracing data from eip: 0xbaaaaf66 tracing source of register: ebx (value: 0xd3ced626)

0xbaaaaf5c : mov ebx,0xd3ced626
0xbaaaaf66: jmp eax // address: ebx value: 0xd3ced626

Curated by Lunge Technology, LLC. Questions or comments? Send us email