Update on canary randomisation for hardened Linux applications

This article is a follow-up to our advisory from last year on canary randomisation for applications of the Debian distribution.

rootkit

Yesterday I helped my friend kargig analyse a rootkit he had recovered from a compromised Linux system. You can find the complete write-up on his blog.

CVE-2008-3531: FreeBSD kernel stack overflow exploit development

About four months ago I developed a reliable exploit for vulnerability CVE-2008-3531, which is also addressed in the advisory FreeBSD-SA-08:08.nmount. In this post I will use this vulnerability to provide an overview of the development process for FreeBSD kernel stack exploits.

FreeBSD kernel stack overflows

Last May (2008-05-30) I presented my research on FreeBSD kernel stack overflows at the University of Piraeus Software Libre Society, Event #16: Computer Security. The slides from the talk are now available in our research section.