[Info-vax] Something is happening at VSI

motk meh at meh.meh
Fri Apr 5 05:49:04 EDT 2024


On 4/04/2024 10:43 pm, Simon Clubley wrote:
> On 2024-04-04, Volker Halle <volker_halle at hotmail.com> wrote:
>> On 04.04.2024 at 09:52, motk wrote:
>>> On 4/3/24 10:20, motk wrote:
>>> ...
>>> I did apparently accidentally fuzz things:
>>>
>>> $ product list  *
>>>
>>>     Improperly handled condition, bad stack or no handler specified.
>>>       Signal arguments:   Number = 0000000000000005
>>>                           Name   = 000000000000000C
>>>                                    0000000000000007
>>>                                    0000000000006000
>>>                                    FFFF830007C0236B
>>>                                    0000000000000012
>>>       Register dump:
>>>       RAX = 0000000000000000  RDI = 000000007FF9DC80  RSI = 0000000000006000
>>>       RDX = 5344524F5759454B  RCX = 0000000000006000  R8  = 00000000FFFF8F86
>>>       R9  = 000000000808080D  RBX = 000000007FFABE00  RBP = 000000007FF9FF60
>>>       R10 = 000000007FFABDB0  R11 = 000000007FFA4D18  R12 = 000000007FF9C0F8
>>>       R13 = 0000000000000018  R14 = 000000007FF9C2B0  R15 = 0000000000008301
>>>       RIP = FFFF830007C0236B  RSP = 000000007FF9FF00  SS  = 000000000000001B
>>> %SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual
>>> address=000000000000000C, PC=0000000000000002, PS=7AD5D8EE
>>
>> motk,
>>
>> can you reproduce this? Over and over again?
>>
>> If so, please consider reporting this in the VSI Forum together with a
>> detailed description of your underlying software/hardware and the steps
>> to reproduce this access violation.
>>
>> https://forum.vmssoftware.com/search.php?search_id=active_topics
>>
> 
> Well that's a seriously "interesting" thing to suggest Volker. :-(
> 
> Assuming the posted output has not been edited, running a user-mode program
> resulted in the process being killed. That means it failed in either
> supervisor mode or executive mode. That means VSI need to be told _privately_
> about the sequence to reproduce (if it can be discovered) so that they can
> see if the sequence can be modified to actually exploit the system.

I can guarantee that output wasn't mangled in any way. I've been trying 
to reproduce it with no success so far. It was an extremely surprising 
result though; would it have hit a log somewhere?


> If that sequence is published in a public forum before VSI have analyzed
> and fixed the problem, it means anyone else will be able to perform the
> same analysis to see if the problem can be exploited. :-(

Fuzzing tools are free and plentiful.


> Simon.


-- 
motk



