{"id":10127,"date":"2016-05-08T13:18:41","date_gmt":"2016-05-08T11:18:41","guid":{"rendered":"https:\/\/www.customprotocol.com\/?p=10127"},"modified":"2016-05-08T13:18:41","modified_gmt":"2016-05-08T11:18:41","slug":"ps4-vita-vulnerabilite-libxml2-annonce-possible-hack","status":"publish","type":"post","link":"https:\/\/www.customprotocol.com\/ps4-vita-vulnerabilite-libxml2-annonce-possible-hack\/","title":{"rendered":"[PS4] [Vita] La vuln\u00e9rabilit\u00e9 libxml2 annonce-t-elle un possible hack PS4 et PS Vita ?"},"content":{"rendered":"

Un certain Dragood2<\/em> a ouvert sur le forum de Wololo<\/em>.net<\/em><\/a> un topic parlant d'une vuln\u00e9rabilit\u00e9 se trouvant dans la libxml2<\/strong>, une biblioth\u00e8que de traitement XML open-source<\/em> pr\u00e9sente \u00e0 la fois sur PS Vita et PS4. Que faut-il entendre par l\u00e0 ? Que si la vuln\u00e9rabilit\u00e9 est \"exploitable\", elle le serait alors sur les deux consoles... \u00c0 l'heure actuelle, que sait-on et que peut-on dire ?<\/p>\n

\"Vuln\u00e9rabilit\u00e9<\/a><\/p>\n

\n

Il y a quelques semaines, quand je travaillais sur un bug [CVE-2016-3627] li\u00e9, j'ai d\u00e9couvert qu'un fichier XML sp\u00e9cialement cr\u00e9e \u00e9tait capable de d\u00e9clencher un d\u00e9bordement de pile<\/a> avant que la libxml2<\/strong> ne puisse le d\u00e9tecter comme \u00e9tant un fichier XML valide.<\/em><\/div> dragood2<\/cite><\/small><\/p><\/blockquote>\n

<\/i>Cette vuln\u00e9rabilit\u00e9, qui d\u00e9clenche donc un d\u00e9bordement de pile, a d'ores et d\u00e9j\u00e0 son propre CVE<\/a> : CVE-2016-3705<\/em><\/a> (merci \u00e0 xyz<\/em><\/a>).<\/div>\n

Gr\u00e2ce \u00e0 un article de Wololo<\/em><\/a>, nous savons aussi que le c\u00e9l\u00e8bre d\u00e9veloppeur CTurt<\/em> a confirm\u00e9 l'existence d'un Stack Protector<\/em> depuis FreeBSD 8.0<\/em> (un syst\u00e8me d'exploitation sur lequel est bas\u00e9 celui de la PS4), laissant donc entendre que cette vuln\u00e9rabilit\u00e9 en elle-m\u00eame serait inutile (\u00e0 moins qu'un autre exploit<\/em> permette de passer au travers de cette protection). Mais bon, il faudrait d\u00e9j\u00e0 que cette vuln\u00e9rabilit\u00e9 soit confirm\u00e9e sur PS4...<\/p>\n

C\u00f4t\u00e9 PS Vita, toujours d'apr\u00e8s l'article de Wololo<\/em>, on n'en sait pas plus (le contraire aurait \u00e9t\u00e9 \u00e9tonnant :P). On ne sait pas si cette console poss\u00e8de \u00e9galement un Stack Protector<\/em>, mais il serait \u00e9tonnant qu'elle n'en ait pas quand on conna\u00eet \u00e0 quel point Sony<\/em> a mis le paquet au niveau de la s\u00e9curit\u00e9... Si vous souhaitez effectuer un test, vous avez les instructions en bas du post<\/em> de Wololo<\/em><\/a> (en anglais) et le lien de t\u00e9l\u00e9chargement du XML par ici<\/a>.<\/p>\n

Quoiqu'il en soit, ne vous attendez pas non plus \u00e0 ce que cette d\u00e9couverte ouvre toutes les portes du hack<\/em> de la Vita et de la PS4. ^^ Voici ce que 173210<\/em>, hacker<\/em> de la sc\u00e8ne Vita, pense \u00e0 ce sujet :<\/p>\n

C'est probablement inutile pour PS Vita. Je ne pense pas que cela puisse contourner l'ASLR<\/a>. L'exploitation des WebKit<\/em> et Mono<\/em> \u00e9taient possibles gr\u00e2ce au fait qu'ils pouvaient dump<\/em> la RAM<\/em> puis la traiter en utilisant un programme Mono<\/em> ou JavaScript<\/em>.
En tout cas, je pense que c'est un bon d\u00e9but. Le XML<\/em> est utilis\u00e9 partout, et est potentiellement privil\u00e9gi\u00e9. Si l'on peut parvenir \u00e0 ex\u00e9cuter du XSLT<\/em> \"malform\u00e9\" (un langage de transformation XML<\/a>), cela pourrait \u00eatre un r\u00e9el progr\u00e8s.<\/em><\/div> 173210<\/cite><\/small><\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"

La biblioth\u00e8que libxml2 est pr\u00e9sente chez les 2 consoles... S'il s'av\u00e8re que la vuln\u00e9rabilit\u00e9 est exploitable, pourrait-on voir un hack arriver ?<\/p>\n","protected":false},"author":481,"featured_media":10128,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,29,30],"tags":[2441],"plateformes":[854,1014],"genres":[2442,2444,2443],"developpeurs":[2438],"editeurs":[],"types":[859,1126,864],"sources":[2439,2440],"class_list":["post-10127","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-news-underground","category-underground","tag-libxml2","plateformes-ps-vita","plateformes-ps4","genres-vulnerabilites","genres-vulnerabilites-ps-vita","genres-vulnerabilites-ps4","developpeurs-dragood2","types-hack-vita","types-hack-ps4","types-news","sources-httpwololo-net20160506libxml2-vulnerability-vita-ps4-exploit","sources-httpwololo-nettalkviewtopic-phpf63t45831"],"yoast_head":"\nVuln\u00e9rabilit\u00e9 libxml2 : un possible hack PS4\/PS Vita ? - CTP<\/title>\n<meta name=\"description\" content=\"La biblioth\u00e8que libxml2 est pr\u00e9sente chez les 2 consoles... Si la vuln\u00e9rabilit\u00e9 est exploitable, pourrait-on voir un hack arriver ?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.customprotocol.com\/ps4-vita-vulnerabilite-libxml2-annonce-possible-hack\/\" \/>\n<meta property=\"og:locale\" content=\"fr_CA\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vuln\u00e9rabilit\u00e9 libxml2 : un possible hack PS4\/PS Vita ? - CTP\" \/>\n<meta property=\"og:description\" content=\"La biblioth\u00e8que libxml2 est pr\u00e9sente chez les 2 consoles... Si la vuln\u00e9rabilit\u00e9 est exploitable, pourrait-on voir un hack arriver ?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.customprotocol.com\/ps4-vita-vulnerabilite-libxml2-annonce-possible-hack\/\" \/>\n<meta property=\"og:site_name\" content=\"Custom Protocol\" \/>\n<meta property=\"article:published_time\" content=\"2016-05-08T11:18:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.customprotocol.com\/medias\/2016\/05\/vulnerabilite-commune-libxml2-ps4-ps-vita.png\" \/>\n\t<meta property=\"og:image:width\" content=\"500\" \/>\n\t<meta property=\"og:image:height\" content=\"322\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Wirus\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/HackerGen\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Wirus\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimation du temps de lecture\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.customprotocol.com\/ps4-vita-vulnerabilite-libxml2-annonce-possible-hack\/\",\"url\":\"https:\/\/www.customprotocol.com\/ps4-vita-vulnerabilite-libxml2-annonce-possible-hack\/\",\"name\":\"Vuln\u00e9rabilit\u00e9 libxml2 : un possible hack PS4\/PS Vita ? - CTP\",\"isPartOf\":{\"@id\":\"https:\/\/www.customprotocol.com\/#website\"},\"datePublished\":\"2016-05-08T11:18:41+00:00\",\"dateModified\":\"2016-05-08T11:18:41+00:00\",\"author\":{\"@id\":\"https:\/\/www.customprotocol.com\/#\/schema\/person\/e2f5c3e6cbb948e59756b98bed512cf9\"},\"description\":\"La biblioth\u00e8que libxml2 est pr\u00e9sente chez les 2 consoles... Si la vuln\u00e9rabilit\u00e9 est exploitable, pourrait-on voir un hack arriver ?\",\"breadcrumb\":{\"@id\":\"https:\/\/www.customprotocol.com\/ps4-vita-vulnerabilite-libxml2-annonce-possible-hack\/#breadcrumb\"},\"inLanguage\":\"fr-CA\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.customprotocol.com\/ps4-vita-vulnerabilite-libxml2-annonce-possible-hack\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.customprotocol.com\/ps4-vita-vulnerabilite-libxml2-annonce-possible-hack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.customprotocol.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"[PS4] [Vita] La vuln\u00e9rabilit\u00e9 libxml2 annonce-t-elle un possible hack PS4 et PS Vita ?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.customprotocol.com\/#website\",\"url\":\"https:\/\/www.customprotocol.com\/\",\"name\":\"Custom Protocol\",\"description\":\"Site d'hack-tualit\u00e9 et de tutoriels sur la customisation de consoles et appareils (homebrews, plugins, \u00e9mulation...)\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.customprotocol.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"fr-CA\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.customprotocol.com\/#\/schema\/person\/e2f5c3e6cbb948e59756b98bed512cf9\",\"name\":\"Wirus\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-CA\",\"@id\":\"https:\/\/www.customprotocol.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ff65bb0fba0be9639885c04a3ed7d8a895a98260fc23f283286dc9cf20bf3871?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ff65bb0fba0be9639885c04a3ed7d8a895a98260fc23f283286dc9cf20bf3871?s=96&d=mm&r=g\",\"caption\":\"Wirus\"},\"description\":\"Avez-vous d\u00e9j\u00e0 vu un gentil virus ? Maintenant, oui.\",\"sameAs\":[\"https:\/\/hackergen.com\",\"https:\/\/twitter.com\/https:\/\/twitter.com\/HackerGen\",\"https:\/\/www.youtube.com\/user\/Wirusalization\"],\"url\":\"https:\/\/www.customprotocol.com\/auteur\/wirus\/\"}]}<\/script>\n","yoast_head_json":{"title":"Vuln\u00e9rabilit\u00e9 libxml2 : un possible hack PS4\/PS Vita ? - CTP","description":"La biblioth\u00e8que libxml2 est pr\u00e9sente chez les 2 consoles... Si la vuln\u00e9rabilit\u00e9 est exploitable, pourrait-on voir un hack arriver ?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.customprotocol.com\/ps4-vita-vulnerabilite-libxml2-annonce-possible-hack\/","og_locale":"fr_CA","og_type":"article","og_title":"Vuln\u00e9rabilit\u00e9 libxml2 : un possible hack PS4\/PS Vita ? - CTP","og_description":"La biblioth\u00e8que libxml2 est pr\u00e9sente chez les 2 consoles... Si la vuln\u00e9rabilit\u00e9 est exploitable, pourrait-on voir un hack arriver ?","og_url":"https:\/\/www.customprotocol.com\/ps4-vita-vulnerabilite-libxml2-annonce-possible-hack\/","og_site_name":"Custom Protocol","article_published_time":"2016-05-08T11:18:41+00:00","og_image":[{"width":500,"height":322,"url":"https:\/\/www.customprotocol.com\/medias\/2016\/05\/vulnerabilite-commune-libxml2-ps4-ps-vita.png","type":"image\/png"}],"author":"Wirus","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/HackerGen","twitter_misc":{"\u00c9crit par":"Wirus","Estimation du temps de lecture":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.customprotocol.com\/ps4-vita-vulnerabilite-libxml2-annonce-possible-hack\/","url":"https:\/\/www.customprotocol.com\/ps4-vita-vulnerabilite-libxml2-annonce-possible-hack\/","name":"Vuln\u00e9rabilit\u00e9 libxml2 : un possible hack PS4\/PS Vita ? - CTP","isPartOf":{"@id":"https:\/\/www.customprotocol.com\/#website"},"datePublished":"2016-05-08T11:18:41+00:00","dateModified":"2016-05-08T11:18:41+00:00","author":{"@id":"https:\/\/www.customprotocol.com\/#\/schema\/person\/e2f5c3e6cbb948e59756b98bed512cf9"},"description":"La biblioth\u00e8que libxml2 est pr\u00e9sente chez les 2 consoles... Si la vuln\u00e9rabilit\u00e9 est exploitable, pourrait-on voir un hack arriver ?","breadcrumb":{"@id":"https:\/\/www.customprotocol.com\/ps4-vita-vulnerabilite-libxml2-annonce-possible-hack\/#breadcrumb"},"inLanguage":"fr-CA","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.customprotocol.com\/ps4-vita-vulnerabilite-libxml2-annonce-possible-hack\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.customprotocol.com\/ps4-vita-vulnerabilite-libxml2-annonce-possible-hack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.customprotocol.com\/"},{"@type":"ListItem","position":2,"name":"[PS4] [Vita] La vuln\u00e9rabilit\u00e9 libxml2 annonce-t-elle un possible hack PS4 et PS Vita ?"}]},{"@type":"WebSite","@id":"https:\/\/www.customprotocol.com\/#website","url":"https:\/\/www.customprotocol.com\/","name":"Custom Protocol","description":"Site d'hack-tualit\u00e9 et de tutoriels sur la customisation de consoles et appareils (homebrews, plugins, \u00e9mulation...)","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.customprotocol.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"fr-CA"},{"@type":"Person","@id":"https:\/\/www.customprotocol.com\/#\/schema\/person\/e2f5c3e6cbb948e59756b98bed512cf9","name":"Wirus","image":{"@type":"ImageObject","inLanguage":"fr-CA","@id":"https:\/\/www.customprotocol.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/ff65bb0fba0be9639885c04a3ed7d8a895a98260fc23f283286dc9cf20bf3871?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ff65bb0fba0be9639885c04a3ed7d8a895a98260fc23f283286dc9cf20bf3871?s=96&d=mm&r=g","caption":"Wirus"},"description":"Avez-vous d\u00e9j\u00e0 vu un gentil virus ? Maintenant, oui.","sameAs":["https:\/\/hackergen.com","https:\/\/twitter.com\/https:\/\/twitter.com\/HackerGen","https:\/\/www.youtube.com\/user\/Wirusalization"],"url":"https:\/\/www.customprotocol.com\/auteur\/wirus\/"}]}},"_links":{"self":[{"href":"https:\/\/www.customprotocol.com\/api\/wp\/v2\/posts\/10127","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.customprotocol.com\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.customprotocol.com\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.customprotocol.com\/api\/wp\/v2\/users\/481"}],"replies":[{"embeddable":true,"href":"https:\/\/www.customprotocol.com\/api\/wp\/v2\/comments?post=10127"}],"version-history":[{"count":0,"href":"https:\/\/www.customprotocol.com\/api\/wp\/v2\/posts\/10127\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.customprotocol.com\/api\/wp\/v2\/media\/10128"}],"wp:attachment":[{"href":"https:\/\/www.customprotocol.com\/api\/wp\/v2\/media?parent=10127"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.customprotocol.com\/api\/wp\/v2\/categories?post=10127"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.customprotocol.com\/api\/wp\/v2\/tags?post=10127"},{"taxonomy":"plateformes","embeddable":true,"href":"https:\/\/www.customprotocol.com\/api\/wp\/v2\/plateformes?post=10127"},{"taxonomy":"genres","embeddable":true,"href":"https:\/\/www.customprotocol.com\/api\/wp\/v2\/genres?post=10127"},{"taxonomy":"developpeurs","embeddable":true,"href":"https:\/\/www.customprotocol.com\/api\/wp\/v2\/developpeurs?post=10127"},{"taxonomy":"editeurs","embeddable":true,"href":"https:\/\/www.customprotocol.com\/api\/wp\/v2\/editeurs?post=10127"},{"taxonomy":"types","embeddable":true,"href":"https:\/\/www.customprotocol.com\/api\/wp\/v2\/types?post=10127"},{"taxonomy":"sources","embeddable":true,"href":"https:\/\/www.customprotocol.com\/api\/wp\/v2\/sources?post=10127"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}