So, I found a vuln for overwriting kernel memory in kernel code by Broadcom for the Raspberry Pi (afaik not in the official kernel sources, just in the patched kernel sources for the Raspberry Pi). It requires you to be in the "video" group, so it's not very interesting, I think, but I thought, hey, before you share your PoC for causing a kernel oops with FD, maybe you should contact Broadcom and tell them so they have a chance to write a fix!

Well, first step: Check their website.
Result: No security contact mail. No contact mail address at all, actually.

Step two: Connect via SMTP, try RFC-specified mailboxes and other common mailboxes with "RCPT TO", check which are accepted.
Result: Well, <postmaster> isn't accepted, but a lot of other stuff works! Yay!

Step three: Send mail to the addresses that were accepted by "RCPT TO".
Result: Bounces. Turns out the mailserver just accepts everything, then sends bounces.

Step four: Do a whois, send mail to the DNS admin. Not exactly first choice, but oh well...
Result: Bounces, too, because their second SMTP server sees that the mail comes from their first SMTP server, looks at my SPF record and figures that Broadcom isn't allowed to send mails in my name. Hooray.

Step five: Spam somewhat-related IRC channels to figure out a working contact mail.
Result: Doesn't bounce – waiting for a reply.

tl;dr: Broadcom, fix your stupid mailservers!
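The step-four bounce is the classic forwarding-breaks-SPF failure: the second MTA evaluates the sender's SPF record against the IP of the first MTA, which is not an authorised source for that domain. The following is an added example, not code from the original post, that evaluates a minimal SPF record (only `ip4:`/`ip6:` and `all` terms, no DNS lookups) against a connecting IP; the record, domain and addresses are constructed placeholders.

```python
import ipaddress

# Map an SPF qualifier to the result name from RFC 7208.
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record: str) -> list[str]:
    """Split an SPF TXT record into its mechanism terms (after 'v=spf1')."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    return terms[1:]


def check_spf(record: str, client_ip: str) -> str:
    """Evaluate only ip4/ip6/all mechanisms offline; a:, mx:, include: are skipped."""
    ip = ipaddress.ip_address(client_ip)
    for term in parse_spf(record):
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        if term.lower() == "all":
            matched = True
        elif term.lower().startswith(("ip4:", "ip6:")):
            # Address-family mismatch simply does not match in the ipaddress module.
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        else:
            continue  # would need DNS; not handled in this offline example
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"  # no mechanism matched and no 'all' present


# Constructed example: the reporter's domain allows only its own outbound MTA.
REPORTER_SPF = "v=spf1 ip4:198.51.100.10 -all"
REPORTER_MTA_IP = "198.51.100.10"       # direct delivery: passes
FORWARDING_MTA_IP = "203.0.113.5"       # placeholder for the vendor's first MTA


def direct_delivery_result() -> str:
    return check_spf(REPORTER_SPF, REPORTER_MTA_IP)


def forwarded_delivery_result() -> str:
    # The vendor's second MTA sees the first MTA's IP, not the reporter's.
    return check_spf(REPORTER_SPF, FORWARDING_MTA_IP)


if __name__ == "__main__":
    print("direct:", direct_delivery_result())        # pass
    print("forwarded:", forwarded_delivery_result())  # fail -> bounce
```

A receiving MTA that forwards internally should either skip SPF on the second hop or rewrite the envelope sender (SRS); otherwise every relayed message from a `-all` domain bounces exactly as described.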
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/