corCTF 2021 ret2cds writeup: Escaping a Seccomp Sandbox via Class Data Sharing regions in OpenJDK
ID: 27166199-3372-5d2b-b619-40d64308ed82
STIX ID: report--27166199-3372-5d2b-b619-40d64308ed82
Feed Name: Will's Root
This writeup describes ret2cds, a proof-of-concept exploit used in a CTF. It abuses an rwx Class Data Sharing region in OpenJDK via process_vm_readv/process_vm_writev to inject shellcode and escape a restricted seccomp sandbox, achieving a reverse shell. The author details the discovery and the exploitation steps, and notes that newer OpenJDK versions mitigate the issue.
