A completely-from-scratch hobby operating system: bootloader, kernel, drivers, C library, and userspace including a composited graphical UI, dynamic linker, syntax-highlighting text editor, network stack, etc.
readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file. Through elaborately constructed ELF files, remote code execution can be realized.
PoC

```
./readelf -d poc_elf_overflow

Dynamic section at offset 0x2df8 contains (up to) 30 entries:
  Tag        Type                         Name/Value
zsh: segmentation fault  ./readelf -d poc_elf_overflow
```
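The report does not say which field of the crafted file drives the overflow, only that a fixed (global) buffer is overrun while the dynamic section is parsed. The following is an added example, not ToaruOS's `readelf` code and not the attached PoC: it shows the checks a dynamic-section reader needs before it copies file-supplied data into a fixed-size array, and it builds constructed in-memory ELF images (a well-formed one and two crafted ones) to exercise them. The struct layouts are the standard ELF64 ones, defined locally so the file compiles without `<elf.h>`; the fixed buffer size of 8 entries and the sample files are assumptions chosen for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Minimal ELF64 definitions (same layout as <elf.h>, 64/64/16 bytes). */
typedef struct {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} Ehdr64;

typedef struct {
    uint32_t sh_name, sh_type;
    uint64_t sh_flags, sh_addr, sh_offset, sh_size;
    uint32_t sh_link, sh_info;
    uint64_t sh_addralign, sh_entsize;
} Shdr64;

typedef struct { int64_t d_tag; uint64_t d_val; } Dyn64;

#define SHT_DYNAMIC 6
#define DT_NULL     0

/* Copy the SHT_DYNAMIC section of `file` (length `len`) into `out`, which holds
 * at most `out_cap` entries. Returns the number of entries stored, 0 if there is
 * no dynamic section, or -1 if any file-supplied offset, size or count does not
 * fit the file or the output buffer. Every check runs before the first write. */
int read_dynamic(const uint8_t *file, size_t len, Dyn64 *out, size_t out_cap)
{
    Ehdr64 eh;
    if (len < sizeof eh) return -1;                       /* truncated header */
    memcpy(&eh, file, sizeof eh);
    if (memcmp(eh.e_ident, "\x7f" "ELF", 4) != 0 || eh.e_ident[4] != 2) return -1;
    if (eh.e_shentsize != sizeof(Shdr64)) return -1;
    /* Section header table must lie inside the file; subtract, never add, so a
     * huge e_shoff cannot wrap the comparison. */
    if (eh.e_shoff > len || (uint64_t)eh.e_shnum * sizeof(Shdr64) > len - eh.e_shoff) return -1;

    for (uint16_t i = 0; i < eh.e_shnum; i++) {
        Shdr64 sh;
        memcpy(&sh, file + eh.e_shoff + (size_t)i * sizeof sh, sizeof sh);
        if (sh.sh_type != SHT_DYNAMIC) continue;
        /* sh_offset and sh_size are attacker-controlled: both must fit the file. */
        if (sh.sh_offset > len || sh.sh_size > len - sh.sh_offset) return -1;
        if (sh.sh_entsize != sizeof(Dyn64)) return -1;
        size_t count = sh.sh_size / sizeof(Dyn64);
        /* A file-supplied count must never drive writes past a fixed buffer. */
        if (count > out_cap) return -1;
        size_t n = 0;
        for (; n < count; n++) {
            memcpy(&out[n], file + sh.sh_offset + n * sizeof(Dyn64), sizeof(Dyn64));
            if (out[n].d_tag == DT_NULL) { n++; break; }
        }
        return (int)n;
    }
    return 0;
}

/* Constructed sample: header, one SHT_DYNAMIC section header, then `n_entries`
 * real Dyn entries. sh_size is set to `claimed_size` so a caller can lie about
 * the section length the way a crafted file would. Returns the file length. */
size_t build_sample(uint8_t *buf, size_t cap, size_t n_entries, uint64_t claimed_size)
{
    size_t shoff = sizeof(Ehdr64), dynoff = shoff + sizeof(Shdr64);
    size_t total = dynoff + n_entries * sizeof(Dyn64);
    if (total > cap) return 0;
    memset(buf, 0, total);
    Ehdr64 eh = {0};
    memcpy(eh.e_ident, "\x7f" "ELF", 4);
    eh.e_ident[4] = 2;                                    /* ELFCLASS64 */
    eh.e_shoff = shoff; eh.e_shentsize = sizeof(Shdr64); eh.e_shnum = 1;
    memcpy(buf, &eh, sizeof eh);
    Shdr64 sh = {0};
    sh.sh_type = SHT_DYNAMIC; sh.sh_offset = dynoff;
    sh.sh_size = claimed_size; sh.sh_entsize = sizeof(Dyn64);
    memcpy(buf + shoff, &sh, sizeof sh);
    for (size_t i = 0; i < n_entries; i++) {
        Dyn64 d = { i + 1 == n_entries ? DT_NULL : 1, 0x1000 + i };
        memcpy(buf + dynoff + i * sizeof d, &d, sizeof d);
    }
    return total;
}

/* Run one case against a fixed buffer of `out_cap` entries (assumed size 8 in main). */
int demo_case(size_t n_entries, uint64_t claimed_size, size_t out_cap)
{
    static uint8_t file[4096];
    static Dyn64 out[64];                                 /* the "global" buffer */
    size_t len = build_sample(file, sizeof file, n_entries, claimed_size);
    if (len == 0 || out_cap > 64) return -2;
    return read_dynamic(file, len, out, out_cap);
}

int main(void)
{
    printf("well-formed, 4 entries:          %d\n", demo_case(4, 4 * 16, 8));
    printf("claims 30 entries, file has 4:   %d\n", demo_case(4, 30 * 16, 8));
    printf("16 real entries, buffer holds 8: %d\n", demo_case(16, 16 * 16, 8));
    return 0;
}
```

The second case mirrors the shape of the crash above: the section header claims 30 entries, the reader believes it, and without the `sh_size > len - sh_offset` check it walks past the mapped file. The third case is the fixed-buffer variant: the section really is that long, but the destination is not, so the count must be compared against the buffer's capacity before any entry is copied.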
Attachment: poc_elf_overflow.zip
Patch