1779 matches found
BootStomp: Find Mobile Device Bootloader Vulnerabilities
Oh boy! This post is going to be interesting as it is about an interesting topic - mobile bootloaders. Specifically, this post is about BootStomp, which helps you find vulnerabilities in the bootloader. All of us know, as the name suggests, that a bootloader is a program that loads th...
Huawei Cell Phone Write Arbitrary Memory Vulnerability
Huawei P10 and P10 Plus are both smartphone products from the Chinese company Huawei. A write-anywhere memory vulnerability exists in the bootloader of the Huawei P10 and P10 Plus due to a lack of parameter checking. An attacker who has gained root access to the Android system can trick the us...
Huawei Mobile Phone Bootloader Memory Access Out-of-Bounds Vulnerability
Huawei P10 and P10 Plus are both smartphone products from the Chinese company Huawei. An out-of-bounds memory access vulnerability exists in the bootloader of the Huawei P10 and P10 Plus due to a lack of parameter checking. An attacker who has gained root access to Android could trick users into...
The return of Mamba ransomware
At the end of 2016, there was a major attack against San Francisco's Municipal Transportation Agency. The attack was done using Mamba ransomware. This ransomware uses a legitimate utility called DiskCryptor for full disk encryption. This month, we noted that the group behind this ransomware has...
Multiple Huawei phones vulnerable to bypassing unlock code checksums
The Honor 8, Honor V8, Honor 9, Honor V9, Enjoy 7 Plus, P9, P10 Plus, Nova 2, and Nova 2 Plus are smartphones from the Chinese company Huawei. Multiple Huawei phones are vulnerable to bypassing the unlock code checksum. An attacker who gains root access in the phone can use the...
Privilege Control Vulnerability in Multiple Huawei Phones
The Honor 8, Honor V8, Honor 9, Honor V9, Enjoy 7 Plus, P9, P10 Plus, Nova 2, and Nova 2 Plus are smartphones from the Chinese company Huawei. Several Huawei phones have a privilege control vulnerability. An attacker who gains system privileges in the phone can use the vulnerability to...
Input validation
The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 partition before executing it, although it contains a certificate. This allows attackers with write access to that partition to disable signature validation...
CVE-2017-11105
The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 partition before executing it, although it contains a certificate. This allows attackers with write access to that partition to disable signature validation...
OnePlus 2 SBL1 Partition Authentication Vulnerability
OnePlus 2 is a smartphone from China's OnePlus Technology (OnePlus). The Primary Bootloader (PBL) is one of the primary bootloaders. A security vulnerability exists in the OnePlus 2 PBL. An attacker can exploit the vulnerability to disable signature verification...
NetComm Wireless 4GT101W Router Cross-Site Request Forgery Vulnerability
The NetComm Wireless 4GT101W router is a wireless router product from NetComm Wireless Australia. A cross-site request forgery vulnerability exists in NetComm Wireless 4GT101W routers running hardware version 0.01/software version V1.1.8.8/bootloader version 1.1.3. A remote attacker could exploit th...
NetComm Wireless 4GT101W Router Information Disclosure Vulnerability
The NetComm Wireless 4GT101W router is a wireless router product from NetComm Wireless Australia. A security vulnerability in NetComm Wireless 4GT101W routers running hardware version 0.01/software version V1.1.8.8/bootloader version 1.1.3 stems from the program's failure to perform an authenticatio...
NetComm Wireless 4GT101W Router Cross-Site Scripting Vulnerability
The NetComm Wireless 4GT101W router is a wireless router product from NetComm Wireless Australia. A cross-site scripting vulnerability exists in NetComm Wireless 4GT101W routers running hardware version 0.01/software version V1.1.8.8/bootloader version 1.1.3. A remote attacker can exploit this...
CVE-2017-1000363
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partia...
Integer overflow
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partia...
[slackware-security] Slackware 14.0 kernel
New kernel packages are available for Slackware 14.0 to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: patches/packages/linux-3.2.90/: Upgraded. This kernel fixes security issues including "Stack Clash". The issues may result in denial-of-service conditions or may...
[slackware-security] kernel
New kernel packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/linux-4.4.75/: Upgraded. This kernel fixes security issues that include possible stack exhaustion, memory corruption, and arbitrary co...
EternalPetya – yet another stolen piece in the package?
Since June 27th we have been investigating the outbreak of the new Petya-like malware armed with an infector similar to WannaCry. Since day one, various contradicting theories started popping up. Some believed that this malware is a rip-off of the original Petya, while others think that it is...
CVE-2016-10277 exploitation practice on the Moto X mobile phone - vulnerability warning - the black bar safety net
CVE-2016-10277 is a high-risk vulnerability in the bootloader of Motorola series phones. Through kernel command-line injection, the phone's boot process can be hijacked to load an attacker-controlled initramfs, achieving root privilege escalation. We happened to have a...
GNU GRUB Denial of Service Vulnerability
GNU GRand Unified Bootloader (GRUB) is a multiboot bootloader. A denial of service vulnerability exists in GNU GRUB. An attacker could exploit the vulnerability to crash the affected application, resulting in a denial of service condition...