"Sometimes, hacking is just someone spending more time on something than anyone else might reasonably expect."
-- Jerry Gamblin
This repository contains all materials related to my talk "A bug's life: story of a Solaris 0day" presented at #INFILTRATE19 on May 2, 2019.
Related links:
https://web.archive.org/web/20200518045907/https://techblog.mediaservice.net/2019/05/raptor-at-infiltrate-2019/ (blog post)
https://vimeo.com/335197685 (video)
- 2019-01-cde-dtprintinfo.txt. Official advisory for the 0day local privilege escalation via CDE dtprintinfo.
- raptor/raptor_dtprintname_intel.c. CDE dtprintinfo 0day exploit for Solaris/Intel (2019).
- raptor/raptor_dtprintname_sparc.c. CDE dtprintinfo 0day exploit for Solaris/SPARC (2004).
- raptor/raptor_dtprintname_sparc2.c. CDE dtprintinfo 0day exploit for Solaris/SPARC with noexec stack (2004).
- raptor/raptor_dtprintname_sparc3.c. Revised CVE-2019-2832 exploit (2020).
- dave/*. Original exploits for Solaris CDE dtprintinfo written by Dave Aitel during his time at @stake (2001).
- bas/aix_ppc_dtprintinfo.c. A bonus exploit for IBM AIX CDE dtprintinfo (thanks for sharing this, Bas!).
- bas/sol_sparc_dtp.c. Another CDE dtprintinfo 0day exploit for Solaris/SPARC, also courtesy of Bas.
- sharefuzz1.0.tar.gz. Dave's fuzzer that led to the original discovery of the vulnerability in 2001.
- abugslife.pdf. Slide deck presented at #INFILTRATE19 (PDF version).
- abugslife.pptx. Slide deck presented at #INFILTRATE19 (PowerPoint version).