As medicine progressed by using corpses, I want to learn by exhuming old vulnerabilities.
- CVE-2017-5030 Chrome Out-of-bounds read in V8 Array.concat
- CVE-2018-10115 7-Zip uninitialized memory
- CVE-2016-4622 WebKit
Resurrecting corpses, I mean vulnerabilities, can be troublesome.
It's pretty cool to use qemu to run different kernels or debug them.
BTW sometimes it's a pain, so here is some troubleshooting:
- Panic: use -m 1024
- Could not read from CD-ROM (code 0009): download the desktop version
Old Ubuntu releases
You can grab them from http://old-releases.ubuntu.com.
Debian kernel package
For Debian, snapshot.debian.org exists to retrieve old packages.
Keep in mind that to find a specific vulnerable kernel package you have to read which versions are vulnerable in the vulnerability tracker entry (here for dirtycow), where you will probably find the source package. After that you must look at which packages were generated from it: search the snapshot site for the source package's name, pick the specific version from the available ones, and look at the section named Binary packages.
After that, some kernels need an initrd that is generated at install time; without it the system fails to boot, since at least the module to mount the root filesystem is needed.
The best option is probably to use docker: insert a unique entry for snapshot.debian.org that makes sense, install the kernel and after that copy the initrd from the
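
The lookup described above (binary packages of one source version, then a single snapshot entry), as an added example that is not part of the original page. The function names are hypothetical, the JSON field names are assumed to follow snapshot.debian.org's machine-readable /mr/ interface, and the sample responses use constructed placeholder versions and timestamps.

```python
import json
import re

# Constructed sample responses (not real data). Field names are an assumption
# about snapshot.debian.org's machine-readable (/mr/) JSON interface.
BINPACKAGES = json.loads("""{
  "package": "linux", "version": "0.0.0-1+example",
  "result": [
    {"name": "linux-headers-0.0.0-1-amd64", "version": "0.0.0-1+example"},
    {"name": "linux-image-0.0.0-1-amd64", "version": "0.0.0-1+example"},
    {"name": "linux-image-0.0.0-1-amd64-dbg", "version": "0.0.0-1+example"},
    {"name": "linux-image-0.0.0-1-686-pae", "version": "0.0.0-1+example"}
  ]}""")
FILE_INFO = json.loads("""{
  "result": [
    {"archive_name": "debian-security", "first_seen": "20010203T040506Z",
     "name": "linux-image-0.0.0-1-amd64_0.0.0-1+example_amd64.deb"},
    {"archive_name": "debian", "first_seen": "20010209T101112Z",
     "name": "linux-image-0.0.0-1-amd64_0.0.0-1+example_amd64.deb"}
  ]}""")

TS_RE = re.compile(r"\d{8}T\d{6}Z")          # snapshot timestamp format
SUITE_RE = re.compile(r"[a-z][a-z0-9/-]*")   # rejects spaces and newlines


def kernel_images(binpackages, flavour):
    """Bootable kernel packages of one flavour, skipping headers and -dbg."""
    return [p["name"] for p in binpackages["result"]
            if p["name"].startswith("linux-image-")
            and p["name"].endswith("-" + flavour)]


def snapshot_entry(file_info, archive, suite):
    """Single sources.list line pinned to when the .deb first appeared.

    The suite must be one that actually carried the package at that time.
    """
    seen = [r["first_seen"] for r in file_info["result"]
            if r["archive_name"] == archive]
    if not seen:
        raise LookupError(f"file never seen in archive {archive!r}")
    ts = min(seen)  # fixed-width timestamps sort lexicographically
    if not TS_RE.fullmatch(ts) or not SUITE_RE.fullmatch(suite):
        raise ValueError("unexpected timestamp or suite")
    return f"deb http://snapshot.debian.org/archive/{archive}/{ts}/ {suite} main"


if __name__ == "__main__":
    print(kernel_images(BINPACKAGES, "amd64"))
    print(snapshot_entry(FILE_INFO, "debian", "sid"))
```

Release files in old snapshots are past their Valid-Until date, so run `apt-get -o Acquire::Check-Valid-Until=false update` against such an entry.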