Changes

2 bytes added ,  00:50, 12 January 2015
Line 210: Line 210:  
| None
 
| None
 
| [[9.4.0-21]]
 
| [[9.4.0-21]]
|
+
|  
 
|-
 
|-
| ropwn
+
| rohax
 
| Using gspwn, it is possible to overwrite a loaded [[CRO0]]/[[CRR0]] after its RSA-signature has been validated. Badly validated [[CRO0]] header leads to arbitrary read/write of memory in the ro-process. This gives code-execution in the ro module, who has access to [[SVC|syscalls]] 0x70-0x72, 0x7D.
 
| Using gspwn, it is possible to overwrite a loaded [[CRO0]]/[[CRR0]] after its RSA-signature has been validated. Badly validated [[CRO0]] header leads to arbitrary read/write of memory in the ro-process. This gives code-execution in the ro module, who has access to [[SVC|syscalls]] 0x70-0x72, 0x7D.
   Line 219: Line 219:  
| [[9.3.0-21]]
 
| [[9.3.0-21]]
 
| [[9.4.0-21]]
 
| [[9.4.0-21]]
|
+
|  
 
|-
 
|-
 
| 3DS [[System Settings]] DS profile string stack-smash
 
| 3DS [[System Settings]] DS profile string stack-smash