** Advisory Information Title: [CVE-2018-5189] Rumble In The Jungo – A Code Execution Walkthrough Blog URL: http://ift.tt/2ALNKcL Vendor: Jungo Date Published: 10/01/2017 CVE: CVE-2018-5189 ** Vulnerability Summary Leveraging a race condition/double fetch to trigger a pool overflow within the Jungo Windriver allowing a local privilage escalation to SYSTEM. ** Vendor Response Jungo have released a new version of the driver thus mitigating exploitation of this issue. ** Report Timeline Disclosed to vendor – 23/12/2017 Response from vendor, request for initial advisory – 24/12/2017 Initial advisory sent – 29/12/2017 Beta patch sent for testing by vendor – 01/01/2018 Patch confirmed to mitigate vulnerabilities – 01/01/2017 Patch released – 10/01/2017 ** Credit This vulnerability was discovered by Tim Carrington @__invictus_, part of the Fidus Information Security research team. ** References http://ift.tt/2ALNKcL ** Disclaimer This advisory is licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 License: http://ift.tt/e9zF8v
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment