gbmaster.wordpress.com
x86 Exploitation 101: heap overflows… unlink me, would you please? – gb_master's /dev/null
https://gbmaster.wordpress.com/2014/08/11/x86-exploitation-101-heap-overflows-unlink-me-would-you-please
gb_master's /dev/null. … and I said, Hello, Satan. I believe it's time to go. Written by gb_master. August 11, 2014. May 16, 2016. x86 Exploitation 101: heap overflows… unlink me, would you please? Well, do the previous techniques apply to the dynamic allocation scenario? What if, instead of a statically allocated array, there's a malloc-ed space? Well, more or less, but things get REALLY. Why should I care about the history? So, first things first. How is malloc implemented in glibc? I.e. the heap...
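The unlink write primitive the post is about, as an added example (not code from the post or from glibc): a fake chunk header whose fd/bk pointers turn the classic unlink macro into an arbitrary pointer write, next to the back-pointer check modern glibc uses to refuse it. The `target` slot, the `payload` buffer and the fake chunk are constructed for the demo; the chunk layout is the dlmalloc-style header (prev_size, size, fd, bk) and the check is written in the spirit of glibc's "corrupted double-linked list" test, not copied from it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Free-chunk header as laid out by dlmalloc-style allocators (old glibc):
 * once a chunk is freed, the start of its user data holds the fd/bk
 * pointers of the free list it sits on. */
struct chunk {
    size_t prev_size;
    size_t size;
    struct chunk *fd;
    struct chunk *bk;
};

/* Classic unlink, as in the old unlink() macro: two blind pointer writes. */
static void unlink_classic(struct chunk *p)
{
    struct chunk *fd = p->fd;
    struct chunk *bk = p->bk;
    fd->bk = bk;   /* *(fd + offsetof(bk)) = bk : "where" receives "what" */
    bk->fd = fd;   /* *(bk + offsetof(fd)) = fd : a pointer-sized clobber inside "what" */
}

/* Hardened unlink in the spirit of modern glibc: both neighbours must point back at p. */
static int unlink_checked(struct chunk *p)
{
    struct chunk *fd = p->fd;
    struct chunk *bk = p->bk;
    if (fd->bk != p || bk->fd != p)
        return 0;  /* glibc aborts here: "corrupted double-linked list" */
    fd->bk = bk;
    bk->fd = fd;
    return 1;
}

/* Constructed scenario (assumption, not from the post): `target` stands in for a
 * code pointer the attacker wants to redirect (a GOT slot, a function pointer)
 * and `payload` for attacker-controlled bytes such as shellcode. */
static struct chunk *volatile target;
static union {
    unsigned char bytes[64];
    struct chunk as_chunk;
} payload;

/* The header an overflow would plant in the chunk about to be unlinked:
 * fd/bk are chosen so that fd->bk is exactly `target`. */
static struct chunk make_fake_chunk(void)
{
    struct chunk fake;
    memset(&fake, 0, sizeof fake);
    fake.fd = (struct chunk *)((char *)&target - offsetof(struct chunk, bk));
    fake.bk = &payload.as_chunk;
    return fake;
}

/* Classic unlink on the fake chunk. Returns 1 if `target` now points at the
 * payload and the pointer-sized clobber landed at payload + offsetof(fd),
 * which is why classic payloads start with a jump over those bytes. */
int demo_classic_unlink(void)
{
    struct chunk fake = make_fake_chunk();
    struct chunk *expected_clobber = fake.fd;
    target = NULL;
    memset(payload.bytes, 0x90, sizeof payload.bytes);  /* constructed filler (x86 NOPs) */
    unlink_classic(&fake);
    return target == &payload.as_chunk &&
           memcmp(payload.bytes + offsetof(struct chunk, fd),
                  &expected_clobber, sizeof expected_clobber) == 0;
}

/* The same fake chunk is refused by the checked unlink, while a genuine
 * list a <-> p <-> b is unlinked normally. Returns 1 if both hold. */
int demo_checked_unlink(void)
{
    struct chunk a = {0}, p = {0}, b = {0};
    a.fd = &p; p.bk = &a;
    p.fd = &b; b.bk = &p;
    int legit_ok = unlink_checked(&p) && a.fd == &b && b.bk == &a;

    struct chunk fake = make_fake_chunk();
    int fake_rejected = !unlink_checked(&fake);
    return legit_ok && fake_rejected;
}

int main(void)
{
    printf("classic unlink hijacked target: %s\n", demo_classic_unlink() ? "yes" : "no");
    printf("checked unlink rejects fake chunk: %s\n", demo_checked_unlink() ? "yes" : "no");
    return 0;
}
```

The thing to take away is the second write: bk->fd = fd also lands inside the payload, at offsetof(fd) from its start, so shellcode used with this technique has to begin with a short jump over those pointer-sized bytes. The checked variant refuses the fake header because neither neighbour points back at it, which is exactly what an overflow that only controls one chunk's fd/bk cannot arrange.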
skydel.mathislabs.com
September « 2014 « Skydel
http://skydel.mathislabs.com/2014/09
Learning Linux, Programming, Administration, Together. Archive for September, 2014. Why BitTorrent over Tor Is Not a Good Idea. Tuesday, September 16th, 2014. https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea. The Art and Science of Color Theory. Tuesday, September 9th, 2014. Best Tutorial for Learning C GUI Programming. Monday, September 8th, 2014. Guide to Game Theory Books by Presh Talwalkar. Saturday, September 6th, 2014. My Book on Game Theory. Personally, I enjoyed all of the book...
axtaxt.wordpress.com
Axtaxt's Blog | techblog #security #java #programming #fun | Page 2
https://axtaxt.wordpress.com/page/2
Techblog #security #java #programming #fun. Newer posts →. Debugging Java VM's JITed code. April 22, 2012. Recently I've run into some mysterious Java VM crashes. After narrowing down the crashing code, I've ended up with this POC: package org.axt.cr; public class Crash { @SuppressWarnings("unused") private static int val; private static double arr[] = new double[2048]; public static void cr() { for (int i = 0; i < arr.length; i++) { arr[i] = Double.NaN; } val = (arr[0] = 0? It must be run with. A fatal error h...
xorl.wordpress.com
C Quiz No. 1 | xorl %eax, %eax
https://xorl.wordpress.com/2009/01/27/c-quiz-no-1
xorl %eax, %eax. C Quiz No. 1. This is a new category that I'm starting. You're all welcome to express your ideas for the behavior of the programs. The first one is going to be a really easy one. So, I have this nice prog.: #include <stdio.h> int main(void) { int *c; c = (int [4]){1,*c,3}; printf("%d\n", c[3]); return 0; } But why do I get this output when I'm running it? sh-3.1$ gcc quiz1.c -std=c99 -pedantic -Wall -o quiz1 sh-3.1$ ./quiz1 0 sh-3.1$. January 27, 2009 at 15:30. Posted in C programming. This me...
xorl.wordpress.com
CVE-2013-1798: Linux kernel KVM IOAPIC_REG_SELECT Invalid Memory Access | xorl %eax, %eax
https://xorl.wordpress.com/2013/05/23/cve-2013-1798-linux-kernel-kvm-ioapic_reg_select-invalid-memory-access
xorl %eax, %eax. CVE-2013-1798: Linux kernel KVM IOAPIC_REG_SELECT Invalid Memory Access. This was a very nice vulnerability reported by Andrew Honig of Google. The bug is triggered when a user specifies an invalid IOAPIC_REG_SELECT value, which is reachable via the read KVM I/O device operation as you can see below. Additionally, if a user makes a read by invoking IOAPIC_REG_WINDOW it will result in calling ioapic_read_indirect(). Here is what this function does. And this is because it is ar...
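The unchecked-index pattern behind this CVE, as an added userland model (not the post's code and not the kernel's): a guest-controlled IOAPIC_REG_SELECT value turned into a redirection-table index without a range check, next to a reader that clamps it. The I/O APIC layout assumed here (24 entries, entry n reachable as indirect registers 0x10+2n and 0x11+2n) is the standard programming interface; the struct, the MMIO helpers and the sample table contents are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>

/* Userland model of the KVM I/O APIC register file (assumption: modelled on the
 * I/O APIC programming interface, not the kernel's own code). The guest writes a
 * register index to IOAPIC_REG_SELECT and then reads that register through
 * IOAPIC_REG_WINDOW. Redirection-table entry n is exposed as indirect registers
 * 0x10 + 2n (low 32 bits) and 0x11 + 2n (high 32 bits), hence the
 * (ioregsel - 0x10) >> 1 index below. */
#define IOAPIC_REG_SELECT 0x00      /* MMIO offset of the index register */
#define IOAPIC_REG_WINDOW 0x10      /* MMIO offset of the data window */
#define IOAPIC_NUM_PINS   24        /* assumption: standard I/O APIC pin count */

struct ioapic {
    uint32_t ioregsel;                    /* last value written to IOAPIC_REG_SELECT */
    uint64_t redirtbl[IOAPIC_NUM_PINS];   /* redirection table */
};

/* Index into redirtbl[] that a given select value maps to. Only values from
 * 0x10 up to 0x10 + 2*IOAPIC_NUM_PINS - 1 are valid; the ID/VER/ARB registers
 * below 0x10 are outside this model. */
uint32_t ioapic_redir_index(uint32_t ioregsel)
{
    return (ioregsel - 0x10) >> 1;
}

/* Vulnerable shape: the guest-chosen index is used as-is. A select value at or
 * beyond 0x10 + 2*IOAPIC_NUM_PINS makes this read past the end of redirtbl[]. */
static uint32_t read_indirect_unchecked(const struct ioapic *io)
{
    uint32_t idx = ioapic_redir_index(io->ioregsel);
    uint64_t content = io->redirtbl[idx];                 /* no bounds check */
    return (io->ioregsel & 1) ? (uint32_t)(content >> 32) : (uint32_t)content;
}

/* Fixed shape: an out-of-range entry reads as all ones, like an unimplemented register. */
static uint32_t read_indirect_checked(const struct ioapic *io)
{
    uint32_t idx = ioapic_redir_index(io->ioregsel);
    uint64_t content = ~0ULL;
    if (idx < IOAPIC_NUM_PINS)
        content = io->redirtbl[idx];
    return (io->ioregsel & 1) ? (uint32_t)(content >> 32) : (uint32_t)content;
}

/* Guest-visible MMIO: the model only knows the select write and the window read. */
static int ioapic_mmio_write(struct ioapic *io, uint32_t addr, uint32_t val)
{
    if (addr != IOAPIC_REG_SELECT)
        return -1;
    io->ioregsel = val;
    return 0;
}

static uint32_t ioapic_mmio_read(const struct ioapic *io, uint32_t addr, int hardened)
{
    if (addr != IOAPIC_REG_WINDOW)
        return ~0u;
    return hardened ? read_indirect_checked(io) : read_indirect_unchecked(io);
}

/* Guest-side sequence: write the index to IOAPIC_REG_SELECT, read IOAPIC_REG_WINDOW. */
uint32_t ioapic_guest_read(struct ioapic *io, uint32_t ioregsel, int hardened)
{
    ioapic_mmio_write(io, IOAPIC_REG_SELECT, ioregsel);
    return ioapic_mmio_read(io, IOAPIC_REG_WINDOW, hardened);
}

/* Walk through the demo. Returns the number of checks that held (4 when all do). */
int ioapic_demo(void)
{
    struct ioapic io = {0};
    int passed = 0;
    io.redirtbl[5] = 0x1122334455667788ULL;   /* constructed entry with a recognisable value */

    /* In-range reads: both readers return the low and high dwords of entry 5. */
    if (ioapic_guest_read(&io, 0x10 + 2 * 5, 0) == 0x55667788u) passed++;
    if (ioapic_guest_read(&io, 0x11 + 2 * 5, 1) == 0x11223344u) passed++;

    /* First out-of-range select: the unchecked reader would index redirtbl[24]. */
    uint32_t bad_select = 0x10 + 2 * IOAPIC_NUM_PINS;
    if (ioapic_redir_index(bad_select) == IOAPIC_NUM_PINS) passed++;

    /* The checked reader turns the same select into an all-ones read instead. */
    if (ioapic_guest_read(&io, bad_select, 1) == 0xffffffffu) passed++;

    printf("%d/4 checks held\n", passed);
    return passed;
}

int main(void) { return ioapic_demo() == 4 ? 0 : 1; }
```

The demo deliberately never drives the unchecked reader with an out-of-range select, because that read would be undefined behaviour in the model just as it was an out-of-bounds read in the hypervisor; the point is that the index is derived purely from guest-written state, so the range check has to sit between the select register and the table.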
xorl.wordpress.com
About | xorl %eax, %eax
https://xorl.wordpress.com/about
xorl %eax, %eax. Another random blogger from Greece. For anything you may need you can contact me via email at: xorl. January 1, 2009 at 07:03. Gera's insecure programming (5). Motorcycles and cars (14). Raptor's wargames (2). Track of the Day. Well, I have no complaints. 3 years ago. Exploiting Samsung Galaxy S4 secure boot: blog.azimuthsecurity.com/2013/05/exploi. Thank you for writing all these books! That might help you. 3 years ago. Come on, good luck and success, neighbour!
xorl.wordpress.com
CVE-2013-1796: Linux kernel KVM MSR_KVM_SYSTEM_TIME Buffer Overflow | xorl %eax, %eax
https://xorl.wordpress.com/2013/05/22/cve-2013-1796-linux-kernel-kvm-msr_kvm_system_time-buffer-overflow
xorl %eax, %eax. CVE-2013-1796: Linux kernel KVM MSR_KVM_SYSTEM_TIME Buffer Overflow. This is a really nice vulnerability killed by Andy Honig. It is particularly interesting because it allows host kernel memory corruption through guest GPA (Guest Physical Address) manipulation. If we have a look at arch/x86/kvm/x86.c we can see the following code. So by utilizing the 'MSR_KVM_SYSTEM_TIME' kvmclock MSR a user can set 'vcpu->arch.time_page' through gfn_to_pag... The arbitrary write occur...
xorl.wordpress.com
xorl %eax, %eax | Page 2
https://xorl.wordpress.com/page/2
xorl %eax, %eax. CVE-2013-1774: Linux kernel Edgeport USB Serial Converter NULL Pointer Dereference. This is a vulnerability fixed by Wolfgang Frisch and the buggy code resides in drivers/usb/serial/io_ti.c as you can see below. unsigned long flags; if (!tty) return; if (! May 18, 2013 at 16:14. CVE-2013-1819: Linux kernel XFS xfs_buf_find() NULL Pointer Dereference. First of all, the xfs_addr_to_agno() C macro is the following as defined in the fs/xfs/xfs_mount.h header file. As Dave Chi...
xorl.wordpress.com
CVE-2013-3228: Linux kernel IrDA Information Leak | xorl %eax, %eax
https://xorl.wordpress.com/2013/05/26/cve-2013-3228-linux-kernel-irda-information-leak
xorl %eax, %eax. CVE-2013-3228: Linux kernel IrDA Information Leak. This is another simple kernel memory information leak, fixed by Mathias Krause. Here is the exact code where this bug is located in net/irda/af_irda.c. This is a command which is defined as shown below. And the fix was to add the missing initialization. IRDA_DEBUG(4, "%s()\n", __func__); msg->msg_namelen = 0; skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &err); May 26, 2013 at 14:18. What's missing in ...
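Why one missing `msg_namelen = 0` leaks kernel memory, as an added userland model (not the post's code and not the kernel's): the generic recvmsg path keeps its own address buffer, lets the protocol handler fill it, and then copies `msg_namelen` bytes of that buffer back to the user. A datagram handler that neither writes an address nor sets `msg_namelen` leaves it at the length the user asked for, so stale kernel bytes go out. The buffer size, the 0x41 "stale stack" filler and the two handler shapes are constructed for the demo; the copy-back rule is a simplification of the socket layer's behaviour (assumption).

```c
#include <stdio.h>
#include <string.h>

/* Userland model of the recvmsg() address-return path (assumption: a simplified
 * version of what the generic socket layer does; not the kernel's code). */
#define ADDR_BUF_SIZE 128            /* like sizeof(struct sockaddr_storage) */

struct msghdr_model {
    unsigned char *msg_name;         /* kernel-side buffer the protocol fills with the peer address */
    int msg_namelen;                 /* how many bytes of it go back to userspace */
};

typedef void (*proto_recvmsg_fn)(struct msghdr_model *msg);

/* Vulnerable shape: a datagram receive that never fills in a peer address and
 * never says so either, leaving msg_namelen at the caller-supplied value. */
void dgram_recvmsg_vulnerable(struct msghdr_model *msg)
{
    (void)msg;   /* ... receive the datagram; msg_name / msg_namelen untouched ... */
}

/* Fixed shape, the one-line change quoted in the post: report zero address bytes. */
void dgram_recvmsg_fixed(struct msghdr_model *msg)
{
    msg->msg_namelen = 0;
}

/* Generic layer: the kernel keeps its own address buffer, calls the protocol, and
 * then copies msg_namelen bytes of that buffer out to the user's address buffer.
 * Returns the number of bytes copied. */
int sys_recvmsg_model(proto_recvmsg_fn proto_recvmsg, unsigned char *user_addr, int user_addrlen)
{
    unsigned char kaddr[ADDR_BUF_SIZE];
    /* Constructed: stale bytes a previous call left on the kernel stack. */
    memset(kaddr, 0x41, sizeof kaddr);

    struct msghdr_model msg;
    msg.msg_name = kaddr;
    msg.msg_namelen = user_addrlen;     /* starts as the size the user offered */
    proto_recvmsg(&msg);

    int n = msg.msg_namelen;
    if (n < 0) n = 0;
    if (n > (int)sizeof kaddr) n = (int)sizeof kaddr;
    if (n > user_addrlen) n = user_addrlen;
    memcpy(user_addr, kaddr, (size_t)n);
    return n;
}

/* Count how many stale kernel bytes reach a user buffer of ADDR_BUF_SIZE bytes. */
int count_leaked_bytes(proto_recvmsg_fn proto_recvmsg)
{
    unsigned char user_addr[ADDR_BUF_SIZE];
    memset(user_addr, 0, sizeof user_addr);
    int n = sys_recvmsg_model(proto_recvmsg, user_addr, (int)sizeof user_addr);
    int leaked = 0;
    for (int i = 0; i < n; i++)
        if (user_addr[i] == 0x41)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("vulnerable handler leaks %d bytes\n", count_leaked_bytes(dgram_recvmsg_vulnerable));
    printf("fixed handler leaks %d bytes\n", count_leaked_bytes(dgram_recvmsg_fixed));
    return 0;
}
```

The handler that forgets the assignment leaks the full 128 bytes the caller offered, every byte of it whatever happened to be on the kernel stack; the one-line fix brings that to zero. The same audit question applies to any recvmsg implementation: if the handler does not write `msg_name`, does it still write `msg_namelen`?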