Articles with tag: Kernel
POSTED BY: argp / 03.01.2012

The Linux kernel memory allocators from an exploitation perspective

In anticipation of Dan Rosenberg’s talk on exploiting the Linux kernel’s SLOB memory allocator at the Infiltrate security conference and because I recently had a discussion with some friends about the different kernel memory allocators in Linux, I decided to write this quick introduction. I will present some of the allocators’ characteristics and also provide references to public work on exploitation techniques.



POSTED BY: argp / 23.05.2010

FreeBSD kernel NFS client local vulnerabilities

CENSUS ID:CENSUS-2010-0001
CVE ID:CVE-2010-2020
Affected Products:FreeBSD 8.0-RELEASE, 7.3-RELEASE, 7.2-RELEASE
Class:Improper Input Validation (CWE-20)
Remote:No
Discovered by:Patroklos Argyroudis

We have discovered two improper input validation vulnerabilities in the FreeBSD kernel’s NFS client-side implementation (FreeBSD 8.0-RELEASE, 7.3-RELEASE and 7.2-RELEASE) that allow local unprivileged users to escalate their privileges, or to crash the system by performing a denial of service attack.


POSTED BY: argp / 26.04.2010

FreeBSD kernel exploitation mitigations

In my recent Black Hat Europe 2010 talk I gave an overview of the kernel exploitation prevention mechanisms that exist on FreeBSD. A few people at the conference have subsequently asked me to elaborate on the subject. In this post I will collect all the information from my talk and the various discussions I had in the Black Hat conference hallways.