[REVS] Exploiting kmalloc Based Buffer Overflows
From: SecuriTeam (support_at_securiteam.com)
Date: 09/29/05
- Previous message: SecuriTeam: "[NT] 7-Zip ARJ Archive Buffer Overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 29 Sep 2005 10:50:39 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Exploiting kmalloc Based Buffer Overflows
------------------------------------------------------------------------
SUMMARY
kmalloc - "Linux Kernel memory allocation routine, kmalloc() ensures
physical address contiguity". Qobaiashi has published a paper that
introduces a technique that would allow attackers to exploit kmalloc based
overflows in Linux kernel modules.
DETAILS
Qobaiashi focus on a mechanism to exploit the Linux kernel for local
privilege. He explains how Slab Allocation process works and finally how
to reliably exploit overflows to execute arbitrary code.
ADDITIONAL INFORMATION
The information has been provided by <mailto:qobaiashi@gmx.net>
qobaiashi.
Original article:The original article can be found at:
<http://home.bn-paf.de/sebastian.haase/>
http://home.bn-paf.de/sebastian.haase/
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[NT] 7-Zip ARJ Archive Buffer Overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [UNIX] Linux Kernel ALSA snd_mem_proc_read Information Disclosure Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Linux Kernel ALSA snd_mem_proc_read
Information Disclosure Vulnerability ... (Securiteam) - [UNIX] FUSE Information Disclosure
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Lack of range validation in FUSE
allows attackers to reveal information ... * Linux kernel 2.2 ... static int
fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes, ... (Securiteam) - [EXPL] Linux Kernel do_mremap Improved Test
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Linux Kernel ...
do_mremap Local Privilege Escalation Vulnerability, ... * GNU General Public License
for more details. ... (Securiteam) - [UNIX] Linux Kernel cpuset tasks Information Disclosure Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Linux Kernel cpuset tasks Information
Disclosure Vulnerability ... In order to exploit this vulnerability, an attacker would
need access to ... (Securiteam) - [EXPL] Linux Local Root (Exploit)
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Linux kernel version 2.6.13
to 2.6.17.4 ... This exploit uses the logrotate attack vector: ... int pid;
... (Securiteam)
