Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

NetBSD kernel local vulnerabilities

from [Evgeny Demidov] Network Security [Permanent Link]
Subject: NetBSD kernel local vulnerabilities
Date: Fri, 17 Dec 2004 23:45:33 +0300 (MSK) 
Name:          NetBSD kernel local vulnerabilities
Date:          Dec 18, 2004
Author:        Evgeny Demidov

Description:

There exists multiple vulnerabilities in NetBSD binary compatibility code.
They can be approximately divided into two parts:

1) signal number validation problems in xxx_sys_kill(),xxx_sys_sigaction() and 
similar syscalls

These are limited to local DoS only.
By passing large signal numbers to certain syscalls in compat code local 
attacker can crash the kernel.

2) buffer overflows

At least one of them can be exploited to gain full super-user privilegies.

Fix:

NetBSD has issued advisory - 
ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-010.txt.asc

History:

Oct 12, 2004 - initial vendor notification
Oct 20, 2004 - NetBSD team performed extensive audit of compat code!
Dec 18, 2004 - public release of this advisory
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • NetBSD kernel local vulnerabilities, Evgeny Demidov <=
Previous by Date:  Re: DJB's students release 44 *nix software vulnerability advisories, security curmudgeon
Next by Date:  4 Vulnerabilities in GamePort, amoXi Devilkin
Previous by Thread:  [Full-Disclosure] Re: Linux kernel IGMP vulnerabilities, Timothy Hall
Next by Thread:  [OpenPKG-SA-2004.056] OpenPKG Security Advisory (cvstrac), OpenPKG
Indexes:  [Date] [Thread] [Top] [All Lists]