[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] [CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough
- To: "fulldisclosure@xxxxxxxxxxxx" <fulldisclosure@xxxxxxxxxxxx>
- Subject: [FD] [CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough
- From: Kurtis <kurtis@xxxxxxxxxxxxxxxx>
- Date: Wed, 10 Jan 2018 13:42:09 +0000
** Advisory Information
Title: [CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough
Blog URL:
https://www.fidusinfosec.com/tp-link-remote-code-execution-cve-2017-13772/
Vendor: Jungo
Date Published: 10/01/2017
CVE: CVE-2018-5189
** Vulnerability Summary
Leveraging a race condition/double fetch to trigger a pool overflow
within the Jungo Windriver allowing a local privilage escalation to SYSTEM.
** Vendor Response
Jungo have released a new version of the driver thus mitigating
exploitation of this issue.
** Report Timeline
Disclosed to vendor – 23/12/2017
Response from vendor, request for initial advisory – 24/12/2017
Initial advisory sent – 29/12/2017
Beta patch sent for testing by vendor – 01/01/2018
Patch confirmed to mitigate vulnerabilities – 01/01/2017
Patch released – 10/01/2017
** Credit
This vulnerability was discovered by Tim Carrington @__invictus_, part of the
Fidus
Information Security research team.
** References
https://www.fidusinfosec.com/tp-link-remote-code-execution-cve-2017-13772/
** Disclaimer
This advisory is licensed under a Creative Commons Attribution Non-Commercial
Share-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/