[18387] in bugtraq
Re: Exploiting Kernel Buffer Overflows FreeBSD Style
daemon@ATHENA.MIT.EDU (Cy Schubert - ITSD Open Systems Gr)
Tue Jan 2 14:06:32 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <200012291741.eBTHfSr10927@cwsys.cwsent.com>
Date: Fri, 29 Dec 2000 09:40:43 -0800
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
X-To: Alfred Perlstein <bright@WINTELCOM.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Thu, 28 Dec 2000 21:39:12 PST."
    <20001228213912.N19572@fw.wintelcom.net>

In message <20001228213912.N19572@fw.wintelcom.net>, Alfred Perlstein
writes:
> * Esa Etelavuori <eetelavu@CC.HUT.FI> [001228 13:50] wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > Exploiting Kernel Buffer Overflows FreeBSD Style:
> > Defeating Security Levels and Breaking Out of Jail(2)
> > Esa Etelavuori
> > December 28, 2000
> >
> > 1. Introduction
> >
> > This is a detailed case study discussing the exploitation of the FreeBSD
> > kernel process filesystem buffer overflow vulnerability [7]. This is
> > FreeBSD/i386 specific, but some of these techniques are applicable
> > to other systems, and perhaps give a new insight to regular buffer
> > overflows.
>
> You didn't mention that you contacted us about this over a month
> ago and the bug seems to be patched in both the stable and devel
> versions of FreeBSD as well as 4.2-release.

He does reference FreeBSD Security Advisory: FreeBSD-SA-00:77, December
2000 in the references section, though additional attention could have
been brought to this reference in the article.

Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC