As medicine pregressed using corpse, I want to learn resuming old vulnerabilities.
- CVE-2014-1912 Python buffer overflow in the socket module
- CVE-2017-5030 Chrome Out-of-bounds read in V8 Array.concat
- CVE-2018-10115 7-Zip uninitalized memory
- CVE-2016-4622 WebKit
- CVE-2020-8437 uTorrent
- CVE-2021-27365 ISCSI out of bound kernel heap write
Resurrect corpes, I mean, vulnerabilities, can be troublesome
It's pretty cool to use
qemu to run different kernels or debug them.
BTW sometimes it's a pain: so here some troubleshooting
-m 1024if panic
Could not read from CD-ROM (code 0009): download desktop version
Old Ubuntu releases
You can grab them from http://old-releases.ubuntu.com.
Debian kernel package
For Debian exists snapshot.debian.org to retrieve old packages.
Take in mind that to find a specific vulnerable kernel package you have to read what is vulnerable from the specific vulnerability tracker here for dirtycow and probably you will find the source package; after that you must look at what packages have been generated from that (search on snapshot site the source package's name, look for the specific version from all the available ones and then there is a section named Binary packages).
After that, some kernel need an initrd that is generated when installed, without it the system fails to boot since at least the module to mount the root filesystem is needed.
The best option is probably use
docker: insert a unique entry for snapshot.debian.org
that makes sense, install the kernel and after that copy the
initrd from the
If you have a root filesystem contained in a tar archive, you can create an empty file large enough, mount it and untarring the archive into it.
$ dd if=/dev/zero of=rootfs.ext4 status=progress bs=1M count=1024 $ sudo mkfs.ext4 rootfs.ext4 $ mkdir mount $ mount -o loop rootfs.ext4 mount $ sudo mount -o loop rootfs.ext4 mount $ sudo tar -xvf /tmp/amd64-rootfs-20170318T102216Z.tar.gz -C mount $ sudo umount mount
- jubinson/debian-rootfs Generation of Debian rootfs for multiple architectures