kernelfun.blogspot.com
Kernel Fun: MOKB-24-11-2006: Mac OS X kqueue Local Denial of Service
http://kernelfun.blogspot.com/2006/11/mokb-24-11-2006-mac-os-x-kqueue-local.html
Friday, November 24, 2006. MOKB-24-11-2006: Mac OS X kqueue Local Denial of Service. Inconsistent handling of kqueue interfaces in the Mac OS X kernel allows local unprivileged users to cause a denial of service condition. This particular vulnerability can be abused by a process registering a queue and a kernel event via the kevent() call, then spawning a child via fork() and attempting to register another event for the same ("parent") queue. More details and debugging information.
kernelfun.blogspot.com
Kernel Fun: MOKB-20-11-2006: Mac OS X Apple UDIF Disk Image Kernel Memory Corruption (1)
http://kernelfun.blogspot.com/2006/11/mokb-20-11-2006-mac-os-x-apple-udif.html
Monday, November 20, 2006. MOKB-20-11-2006: Mac OS X Apple UDIF Disk Image Kernel Memory Corruption (1). Mac OS X com.apple.AppleDiskImageController fails to properly handle corrupted DMG image structures, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution. More details and debugging information. Proof of concept: MOKB-20-11-2006 (needs decompressing), MOKB-20.dmg (direct link for proud Safari users).
blog.info-pull.com
Info-pull.com blog: October 2006
http://blog.info-pull.com/2006_10_01_archive.html
Friday, October 13, 2006. Windows 2000 SP4 WehnTrust Home User. Just a quick note about WehnTrust Home User 1009 results from a Vista-Probe 0.2 test run in a Windows 2000 Professional SP4 installation. skape has done a nice job with the ASLR stuff, it beats Vista so far (15 bits to 8 bits for heap in RC1). Hope to test the SEH overwrite protection and the other goodies from commercial version soon.
kernelfun.blogspot.com
Kernel Fun: MOKB-16-11-2006: NetGear WG111v2 Wireless Driver Long Beacon Overflow
http://kernelfun.blogspot.com/2006/11/mokb-16-11-2006-netgear-wg111v2.html
Thursday, November 16, 2006. MOKB-16-11-2006: NetGear WG111v2 Wireless Driver Long Beacon Overflow. The NetGear WG111v2 wireless adapter (USB) ships with a version of WG111v2.SYS that is vulnerable to a stack-based buffer overflow. This overflow can lead to arbitrary kernel-mode code execution. The overflow occurs when an 802.11 beacon request is received that contains over 1100 bytes of information elements. Proof of concept: netgear wg111 beacon.rb.
kernelfun.blogspot.com
Kernel Fun: MOKB-30-11-2006: Apple Airport Extreme Beacon Frame Denial of Service
http://kernelfun.blogspot.com/2006/11/mokb-30-11-2006-apple-airport-extreme.html
Thursday, November 30, 2006. MOKB-30-11-2006: Apple Airport Extreme Beacon Frame Denial of Service. Apple Airport Extreme driver fails to handle certain beacon frames, leading to an out of bounds memory access, resulting in a so-called kernel panic. Other security implications may exist, although this hasn't been verified and no details can be provided until further research is done. This issue is being coordinated with Apple.
kernelfun.blogspot.com
Kernel Fun: Notes on MOKB-26-11-2006: otool affected as well
http://kernelfun.blogspot.com/2006/11/notes-on-mokb-26-11-2006-otool-affected.html
Sunday, November 26, 2006. Notes on MOKB-26-11-2006: otool affected as well. MOKB-26-11-2006 also exposes a vulnerability in the otool utility: otool -f mach-o bug pagefault univ 1. GNU gdb 6.3.50-20050815 (Apple version gdb-573) (Fri Oct 20 15:50:43 GMT 2006). GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. (gdb) r -d mach-o bug pagefault univ 1. Besides ...
kernelfun.blogspot.com
Kernel Fun: MOKB-29-11-2006: Linux 2.6.7 - 2.6.18.3 get_fdb_entries() Integer Overflow
http://kernelfun.blogspot.com/2006/11/mokb-29-11-2006-linux-267-26183.html
Wednesday, November 29, 2006. MOKB-29-11-2006: Linux 2.6.7 - 2.6.18.3 get_fdb_entries() Integer Overflow. The Linux 2.6.7 - 2.6.18.3 get_fdb_entries() function is vulnerable to an integer overflow condition. This could be abused to force memory allocation of an attacker-controlled size. Successful exploitation could allow arbitrary code execution. More details and debugging information.
kernelfun.blogspot.com
Kernel Fun: MOKB-27-11-2006: Mac OS X AppleTalk AIOCREGLOCALZN Ioctl Memory Corruption
http://kernelfun.blogspot.com/2006/11/mokb-27-11-2006-mac-os-x-appletalk.html
Monday, November 27, 2006. MOKB-27-11-2006: Mac OS X AppleTalk AIOCREGLOCALZN Ioctl Memory Corruption. Mac OS X AppleTalk protocol handling code is vulnerable to an exploitable memory corruption issue. This particular vulnerability is caused by failure to validate input data in the AIOCREGLOCALZN ioctl command. More details and debug information. Proof of concept: MOKB-27-11-2006.c (x86).
kernelfun.blogspot.com
Kernel Fun: MOKB-22-11-2006: NetGear WG311v1 Wireless Driver Long SSID Overflow
http://kernelfun.blogspot.com/2006/11/mokb-22-11-2006-netgear-wg311v1.html
Wednesday, November 22, 2006. MOKB-22-11-2006: NetGear WG311v1 Wireless Driver Long SSID Overflow. The NetGear WG311v1 wireless adapter (PCI) ships with a version of WG311ND5.SYS that is vulnerable to a heap-based buffer overflow condition. This issue may lead to arbitrary kernel-mode code execution. More details and debugging information. Proof of concept: auxiliary/dos/wireless/netgear wg311pci.rb.
kernelfun.blogspot.com
Kernel Fun: 11/01/2006 - 12/01/2006
http://kernelfun.blogspot.com/2006_11_01_archive.html
Thursday, November 30, 2006. MOKB-30-11-2006: Apple Airport Extreme Beacon Frame Denial of Service. Apple Airport Extreme driver fails to handle certain beacon frames, leading to an out of bounds memory access, resulting in a so-called kernel panic. Other security implications may exist, although this hasn't been verified and no details can be provided until further research is done. This issue is being coordinated with Apple. Wednesday, November 29, 2006. More details and debugging information. Mac OS ...