[18376] in bugtraq
Re: Exploiting Kernel Buffer Overflows FreeBSD Style
daemon@ATHENA.MIT.EDU (Alfred Perlstein)
Fri Dec 29 13:45:27 2000
Message-ID: <20001228213912.N19572@fw.wintelcom.net>
Date: Thu, 28 Dec 2000 21:39:12 -0800
Reply-To: Alfred Perlstein <bright@WINTELCOM.NET>
From: Alfred Perlstein <bright@WINTELCOM.NET>
X-To: Esa Etelavuori <eetelavu@CC.HUT.FI>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200012281929.VAA05801@ksylofoni.hut.fi>; from eetelavu@CC.HUT.FI
on Thu, Dec 28, 2000 at 09:29:37PM +0200

* Esa Etelavuori <eetelavu@CC.HUT.FI> [001228 13:50] wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Exploiting Kernel Buffer Overflows FreeBSD Style:
> Defeating Security Levels and Breaking Out of Jail(2)
> Esa Etelavuori
> December 28, 2000
>
> 1. Introduction
>
> This is a detailed case study discussing the exploitation of the FreeBSD
> kernel process filesystem buffer overflow vulnerability [7]. This is
> FreeBSD/i386 specific, but some of these techniques are applicable
> to other systems, and perhaps give a new insight to regular buffer
> overflows.

You didn't mention that you contacted us about this over a month
ago and the bug seems to be patched in both the stable and devel
versions of FreeBSD as well as 4.2-release.
----------------------------
revision 1.22
date: 2000/11/01 19:38:08; author: eivind; state: Exp; lines: +2 -2
Fix overflow from jail hostname.
Bug found by: Esa Etelavuori <eetelavu@cc.hut.fi>
----------------------------
Thanks for delaying your announcement and giving such a detailed
release.
--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."