Skip to content
Snippets Groups Projects
Commit 14f1f1fa authored by Werner Sembach's avatar Werner Sembach
Browse files

Update scripts

parent 7f4c7cb5
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
.gitignore
+ 2
0
View file @ 14f1f1fa
...@@ -4,6 +4,8 @@ ...@@ -4,6 +4,8 @@
/buildroot-2018.02.6.tar.gz /buildroot-2018.02.6.tar.gz
/linux-3.10.105 /linux-3.10.105
/linux-3.10.105.tar.gz /linux-3.10.105.tar.gz
/linux-3.18.55
/linux-3.18.55.tar.gz
/linux-4.4.70 /linux-4.4.70
/linux-4.4.70.tar.gz /linux-4.4.70.tar.gz
/linux-4.14.75 /linux-4.14.75
......
README.md
+ 5
0
View file @ 14f1f1fa
### CVE-2017-8890 ### CVE-2017-8890
Vulnerable kernel version:
- 3.10.105
- 3.18.55
- 4.4.70
vuln in inet_csk_clone_lock in net/ipv4/inet_connection_sock.c vuln in inet_csk_clone_lock in net/ipv4/inet_connection_sock.c
- https://elixir.bootlin.com/linux/v3.10.105/source/net/ipv4/inet_connection_sock.c#L674 - https://elixir.bootlin.com/linux/v3.10.105/source/net/ipv4/inet_connection_sock.c#L674
......
compile.sh
+ 1
0
View file @ 14f1f1fa
...@@ -3,6 +3,7 @@ ...@@ -3,6 +3,7 @@
SCRIPTDIR=$(dirname "$0") SCRIPTDIR=$(dirname "$0")
cd $SCRIPTDIR/busybox-1.29.3/_install/ cd $SCRIPTDIR/busybox-1.29.3/_install/
cp ../../rcS etc/init.d/rcS
aarch64-linux-gnu-gcc ../../CVE-2017-8890_PoC.c -o CVE-2017-8890_PoC -static -pthread -O0 aarch64-linux-gnu-gcc ../../CVE-2017-8890_PoC.c -o CVE-2017-8890_PoC -static -pthread -O0
aarch64-linux-gnu-gcc ../../test_ipv6_multicast.c -o test_ipv6_multicast -static -pthread -O0 aarch64-linux-gnu-gcc ../../test_ipv6_multicast.c -o test_ipv6_multicast -static -pthread -O0
find . | cpio -o --format=newc > ../rootfs.img find . | cpio -o --format=newc > ../rootfs.img
rcS 0 → 100755
+ 18
0
View file @ 14f1f1fa
#!/bin/sh
mount -t proc none /proc
mount -t sysfs none /sys
/sbin/mdev -s
# enable localhost
ip link set lo up
# enable ethernet
ip link set eth0 up
# enable ipv6 over ipv4
ip link set sit0 up
# enable fake ipv4 multicast if eth0 is not available
#ip route add 224.0.0.0/4 dev lo
# this ipv6 variant does not work :(
#ip route add ff00::/8 dev lo
run.sh
+ 2
0
View file @ 14f1f1fa
...@@ -8,6 +8,8 @@ elif [ "$1" == "buildroot" ]; then ...@@ -8,6 +8,8 @@ elif [ "$1" == "buildroot" ]; then
qemu-system-aarch64 -M virt -cpu cortex-a53 -nographic -kernel $SCRIPTDIR/linux-4.4.70/arch/arm64/boot/Image -initrd $SCRIPTDIR/buildroot-2018.02.6/output/images/rootfs.cpio -append "console=ttyAMA0 root=/dev/ram rdinit=/init" -s qemu-system-aarch64 -M virt -cpu cortex-a53 -nographic -kernel $SCRIPTDIR/linux-4.4.70/arch/arm64/boot/Image -initrd $SCRIPTDIR/buildroot-2018.02.6/output/images/rootfs.cpio -append "console=ttyAMA0 root=/dev/ram rdinit=/init" -s
elif [ "$1" == "3.10" ]; then elif [ "$1" == "3.10" ]; then
qemu-system-aarch64 -M virt -cpu cortex-a53 -nographic -kernel $SCRIPTDIR/linux-3.10.105/arch/arm64/boot/Image -initrd $SCRIPTDIR/busybox-1.29.3/rootfs.img -append "console=ttyAMA0 root=/dev/ram rdinit=/linuxrc" -s qemu-system-aarch64 -M virt -cpu cortex-a53 -nographic -kernel $SCRIPTDIR/linux-3.10.105/arch/arm64/boot/Image -initrd $SCRIPTDIR/busybox-1.29.3/rootfs.img -append "console=ttyAMA0 root=/dev/ram rdinit=/linuxrc" -s
elif [ "$1" == "3.18" ]; then
qemu-system-aarch64 -M virt -cpu cortex-a53 -nographic -kernel $SCRIPTDIR/linux-3.18.55/arch/arm64/boot/Image -initrd $SCRIPTDIR/busybox-1.29.3/rootfs.img -append "console=ttyAMA0 root=/dev/ram rdinit=/linuxrc" -s
elif [ "$1" == "4.4" ]; then elif [ "$1" == "4.4" ]; then
qemu-system-aarch64 -M virt -cpu cortex-a53 -nographic -kernel $SCRIPTDIR/linux-4.4.70/arch/arm64/boot/Image -initrd $SCRIPTDIR/busybox-1.29.3/rootfs.img -append "console=ttyAMA0 root=/dev/ram rdinit=/linuxrc" -s qemu-system-aarch64 -M virt -cpu cortex-a53 -nographic -kernel $SCRIPTDIR/linux-4.4.70/arch/arm64/boot/Image -initrd $SCRIPTDIR/busybox-1.29.3/rootfs.img -append "console=ttyAMA0 root=/dev/ram rdinit=/linuxrc" -s
elif [ "$1" == "4.14" ]; then elif [ "$1" == "4.14" ]; then
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment