Thread: Font, ScreenSaver & USBNetwork Hacks for Kindle 2.x, 3.x & 4.x
View Single Post
Old 08-21-2016, 10:24 AM   #3714
knc1
Going Viral
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Quote:
Originally Posted by Yourcat View Post
https://www.imagemagick.org/discours...=29588#p132726
'... We have secured the delegates in ImageMagick 7.0.1-9 and 6.9.4-7 by sanitizing the parameters. ...'
I assume old versions are vunerable. Anyhow I'm not sure whether gif, png and jpeg images can be used to exploit this bug. There may be a small number (~zero) of users using svg as screensaver images.
The first one mentioned is similar to the exploit used by the prior 'universal jail break' (although not via IM).

And it is not NiLuJe's that one need worry about, that one can not be run without a jail break (there is an execute prohibit on visible usb storage until jail broken).

The IM that ships as part of the system will certainly be old enough to be vulnerable.

So all you need to do is feed it a properly formated, "bad", screensaver image filename.
But stock Kindles do not accept custom screensavers on USB storage.

It might be worth checking if using the built-in image viewer to view files from /images gives access to the built-in convert command vulnerability.
knc1 is offline   Reply With Quote