[REVS] Exploiting kmalloc Based Buffer Overflows

From: SecuriTeam (support_at_securiteam.com)
Date: 09/29/05

  • Next message: SecuriTeam: "[NT] PowerArchiver ACE and ARJ Archive Handling Buffer Overflow"
    To: list@securiteam.com
    Date: 29 Sep 2005 10:50:39 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Exploiting kmalloc Based Buffer Overflows
    ------------------------------------------------------------------------

    SUMMARY

    kmalloc - "Linux Kernel memory allocation routine, kmalloc() ensures
    physical address contiguity". Qobaiashi has published a paper that
    introduces a technique that would allow attackers to exploit kmalloc based
    overflows in Linux kernel modules.

    DETAILS

    Qobaiashi focus on a mechanism to exploit the Linux kernel for local
    privilege. He explains how Slab Allocation process works and finally how
    to reliably exploit overflows to execute arbitrary code.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:qobaiashi@gmx.net>
    qobaiashi.
    Original article:The original article can be found at:
    <http://home.bn-paf.de/sebastian.haase/>
    http://home.bn-paf.de/sebastian.haase/

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.


  • Next message: SecuriTeam: "[NT] PowerArchiver ACE and ARJ Archive Handling Buffer Overflow"

    Relevant Pages

    • [UNIX] Linux Kernel ALSA snd_mem_proc_read Information Disclosure Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Linux Kernel ALSA snd_mem_proc_read Information Disclosure Vulnerability ...
      (Securiteam)
    • [UNIX] Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL Pointer Derefere
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Linux Kernel SCTP-AUTH API Information Disclosure Vulnerability and NULL ... SCTP_STATIC int sctp_getsockopt(struct sock *sk, int level, int optname, ...
      (Securiteam)
    • [UNIX] FUSE Information Disclosure
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Lack of range validation in FUSE allows attackers to reveal information ... * Linux kernel 2.2 ... static int fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes, ...
      (Securiteam)
    • [EXPL] Linux Kernel do_mremap Improved Test
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Linux Kernel ... do_mremap Local Privilege Escalation Vulnerability, ... * GNU General Public License for more details. ...
      (Securiteam)
    • [UNIX] Linux Kernel cpuset tasks Information Disclosure Vulnerability
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Linux Kernel cpuset tasks Information Disclosure Vulnerability ... In order to exploit this vulnerability, an attacker would need access to ...
      (Securiteam)