HC's Capture the Flag website
25C3-CTF
Advisory #28
From team WiiPhonies
New advisory by: Ge0rG
Affected service(s): vdspi
Severity [lmh] : high
===== Problem =====
In ui-debug_menu.adb, a root shell is accessible via menu 9 -> 5,
the "maintainance shell" menu. It allows full access to the system.
===== Impact =====
A complete system compromise is possible, including reading flags.
===== Fix =====
The root shell can be disabled by removing the block starting at
line 50 in ui-debug_menu.adb.
Even better is to disable the debug menu completely, by removing menu point "9" from ui-main_menu.adb, lines 27 and 28.
Rating
[2] yup.