whats "LibTIFF TIFFOpen Buffer Overflow Vulnerability" - PSP3D.com - Sony PlayStation Portable News, Homebrew, Hacks, Reviews, Videos, Mods, Forums

HappySlapster · #1 (**permalink**) 02-22-2006, 07:39 AM

tried reading up on this and i could not understand whever it could be appiled to 2.01+ or is this basicly the tiff overflow on 2.0

what i read up on

"Description:
Tavis Ormandy has reported a vulnerability in libTIFF, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error and can be exploited to cause a buffer overflow via a specially crafted TIFF image containing a malformed BitsPerSample tag.

Successful exploitation may allow execution of arbitrary code, if a malicious TIFF image is opened in an application linked against the vulnerable library."

so if this is the 2.0 tiff exploit and sony have patched it?

if so HOW did thet patch it??

did they change what libTIFF was used or am i misunderstanding.

and if we find what libtiff is being used we can over flow it right? ....do we allready know and its been patched

sorry if this seem's stupid or just noodish

i aint asking will the tiff exploit will work on 2.01+ i juat want an understanding on how thing work.

i love brainstorming so many ideas most not pratical some just shit but i must have more info before i start playing

22 and can't even string a decent sentence and am shit at spelling emmm i suck at grammer

my quote " STAY AT SCHOOL KIDS!! "

kernal32 · #2 (**permalink**) 02-22-2006, 07:45 AM

nope cant be applied to 2.01+ sorry

got fixed. thats what the 2.01 update was.

HappySlapster · #3 (**permalink**) 02-22-2006, 07:54 AM

duh thats not what i asked i wona know HOW they fixed it, did they make some sota
patch that did not allow the tiff to run or did they just chage the libtiff to a diff version or what . saying " nope cant be applied to 2.01+ sorry " does not say a thing i know that allready .......

god sake .... right heres my Q's

1) was this what was used in 2.0 for the exploit?
2) is this what they patched?
3) how?

train2335 · #4 (**permalink**) 02-22-2006, 08:02 AM

I saw this in the pspupdates forums. Well I don't think it will work. I have tried MANY MANY computer exploits and buffer overflows back in the day on the PSP. I couldn't get any to work. But we will see what others have to say!

kernal32 · #5 (**permalink**) 02-22-2006, 08:05 AM

this is what was used in the 2.0 exploit
they stopped the buffer overflow from being able to run unsigned code
via updates to the library/patched the hole which the code was getting thru

geebuz, not that it matters. its not like your going to magically find a way to enable it again, trust me. start searching for another overflow.

HappySlapster · #6 (**permalink**) 02-22-2006, 08:09 AM

Quote:

Originally Posted by kernal32

this is what was used in the 2.0 exploit
they stopped the buffer overflow from being able to run unsigned code
via updates to the library/patched the hole which the code was getting thru

geebuz, not that it matters. its not like your going to magically find a way to enable it again, trust me. start searching for another overflow.

cheers mate thats all i needed to know, but one more thing
what lib do they use for psp once i know that i understand the tiff abit more