[Info-vax] Something is happening at VSI

Simon Clubley clubley at remove_me.eisner.decus.org-Earth.UFP
Thu Apr 4 08:43:09 EDT 2024


On 2024-04-04, Volker Halle <volker_halle at hotmail.com> wrote:
> On 04.04.2024 at 09:52, motk wrote:
>> On 4/3/24 10:20, motk wrote:
>>... 
>> I did apparently accidentally fuzz things:
>> 
>> $ product list  *
>> 
>>    Improperly handled condition, bad stack or no handler specified.
>>      Signal arguments:   Number = 0000000000000005
>>                          Name   = 000000000000000C
>>                                   0000000000000007
>>                                   0000000000006000
>>                                   FFFF830007C0236B
>>                                   0000000000000012
>>      Register dump:
>>      RAX = 0000000000000000  RDI = 000000007FF9DC80  RSI = 0000000000006000
>>      RDX = 5344524F5759454B  RCX = 0000000000006000  R8  = 00000000FFFF8F86
>>      R9  = 000000000808080D  RBX = 000000007FFABE00  RBP = 000000007FF9FF60
>>      R10 = 000000007FFABDB0  R11 = 000000007FFA4D18  R12 = 000000007FF9C0F8
>>      R13 = 0000000000000018  R14 = 000000007FF9C2B0  R15 = 0000000000008301
>>      RIP = FFFF830007C0236B  RSP = 000000007FF9FF00  SS  = 000000000000001B
>> %SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual address=000000000000000C, PC=0000000000000002, PS=7AD5D8EE
>
> motk,
>
> can you reproduce this? Over and over again?
>
> If so, please consider reporting this in the VSI Forum together with a 
> detailed description of your underlying software/hardware and the steps 
> to reproduce this access violation.
>
> https://forum.vmssoftware.com/search.php?search_id=active_topics
>

Well that's a seriously "interesting" thing to suggest Volker. :-(

Assuming the posted output has not been edited, running a user-mode program
resulted in the process being killed. That means it failed in either
supervisor mode or executive mode. That means VSI need to be told _privately_
about the sequence to reproduce (if it can be discovered) so that they can
see if the sequence can be modified to actually exploit the system.

If that sequence is published in a public forum before VSI have analyzed
and fixed the problem, it means anyone else will be able to perform the
same analysis to see if the problem can be exploited. :-(

Of course, the OP will have to report this to VSI via insecure email
(if they can discover the sequence) because VSI clearly think it is
below them to actually make available a public security reporting
mechanism. :-(

Simon.

-- 
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.


