| Affected Products: | Linux kernel versions from 2.6.32 to 2.6.32-rc7. |
|---|---|
| Class: | Off-by-two stack buffer overflow. |
| Discovered by: | Patroklos Argyroudis |
We have found an off-by-two stack buffer overflow in the Linux kernel SUNRPC implementation. Linux kernel versions from 2.6.32 to 2.6.32-rc7 are affected.
About four months ago I developed a reliable exploit for vulnerability CVE-2008-3531, which is also addressed in the advisory FreeBSD-SA-08:08.nmount. In this post I will use this vulnerability to provide an overview of the development process for FreeBSD kernel stack exploits.
The FreeBSD kernel can be debugged with the ddb(4) interactive kernel debugger. Although the latest production release of FreeBSD (7.1 at the time of this writing) adds some very useful features, ddb is still lacking the flexibility of