4 exploits, 1 bug: exploiting CVE-2024-20017 4 different ways
A post going over 4 exploits for CVE-2024-20017, a remotely exploitable buffer overflow in a component of the MediaTek MT7622 SDK.
Similar to the previous exploit, this ROP chain can be inserted multiple times to write more than 8 bytes starting at a target address, but doing so requires one more gadget to deal with a minor nuance in how GADGET_A interacts with the stack. The one piece of good news was that even though checksec reports that the binary has stack canaries enabled, analyzing it in Binja showed that the cookie-checking logic inserted by the compiler was only present in two functions, and those came from an external library. This exploit reuses a few of the concepts covered in the previous ones, including using pointer corruption to get a write primitive, using the .bss/.data segment as a buffer for the main payload, and leveraging ROP (technically JOP, in this case) to set up the arguments for calling system() to get command execution.