FYI: Fwd: [Dailydave] CANVAS SYSRET Module

---------- Forwarded message ----------
From: Alex McGeorge <alexm@xxxxxxxxxxxxxxx>
Date: Mon, 18 Jun 2012 10:10:09 -0400
Subject: [Dailydave] CANVAS SYSRET Module
To: dailydave@xxxxxxxxxxxxxxxxxxxxx, canvas@xxxxxxxxxxxxxxxxxxxxx

Aloha lists,

There has been a lot of talk about the SYSRET vulnerability [1] recently
and even some pretty good write ups [2]. Of course the best discussion
of this bug will undoubtedly come from Rafal at his BlackHat talk in
Vegas [3].

For those of you who are eager to see an exploit for this vulnerability
in action we've got you covered:
http://partners.immunityinc.com/movies/SYSRET-v2.mov . The exploit has
been available since Friday to CANVAS Early Updates (CEU) customers for
their FreeBSD privilege escalation pleasure, courtesy of our Unix
exploit development team. For CEU inquiries please email
admin@xxxxxxxxxxxxxxx .

We were chatting about this on Friday, do other people see FreeBSD in
the enterprise on pen-tests? Outside of a few NAS solutions I've seen it
employed in source control and for other important tasks (DNS, FTP). Now
that Linux is so common place is FreeBSD considered exotic?

Cheers,
-AlexM

[1] http://www.kb.cert.org/vuls/id/649219
[2]
http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/
[3] https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Wojtczuk

--
Alex McGeorge
Immunity Inc.
1130 Washington Avenue 8th Floor
Miami Beach, Florida 33139
P: 786.220.0600
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"