I'm going to post some things that haven't worked for me so far, so other people can decide if they want to re-try them.
A test program loaded on the kindle shows the vulnerability on 5.8.2.1; I have not re-tested now that I have updated to 5.8.9.
However, I set my kindle wifi information to point to my exploit server, and the /var/log/messages did not show any crashes.
Nothing I could find to trigger this vulnerability in lab126 code
- Any variation of the "poison filename" being re-introduced.
I have tried a variety of things, between files with that name, and the updates; they have not worked.
- Using the built-in browser to attack the ports that listen to localhost.
The browsers on 5.8.2 and 5.8.9 have a little difference, but neither works. On 5.8.9 the messages log says something to the effect of "disallowed local request", meaning that perhaps there are some allowed local requests?
- I have had some interesting results using a corrupted update package.
I took a known good 5.8.9.2 update package, and cut it down to a much smaller size. This appears to pass most of the checks that enable the "Update your kindle" button, but I have not yet had the guts to actually hit that. I'm not sure what the effect will be on the filesystem if it is bad.