Bugtraq mailing list archives

Re: Exploiting Kernel Buffer Overflows FreeBSD Style


From: Alfred Perlstein <bright () WINTELCOM NET>
Date: Thu, 28 Dec 2000 21:39:12 -0800

* Esa Etelavuori <eetelavu () CC HUT FI> [001228 13:50] wrote:
>
>             Exploiting Kernel Buffer Overflows FreeBSD Style:
>           Defeating Security Levels and Breaking Out of Jail(2)
>                              Esa Etelavuori
>                            December 28,  2000
>
> 1. Introduction
>
> This is a detailed case study discussing the exploitation of the FreeBSD
> kernel process filesystem buffer overflow vulnerability [7]. This is
> FreeBSD/i386 specific, but some of these techniques are applicable
> to other systems, and perhaps give a new insight to regular buffer
> overflows.

You didn't mention that you contacted us about this over a month
ago and the bug seems to be patched in both the stable and devel
versions of FreeBSD as well as 4.2-release.

----------------------------
revision 1.22
date: 2000/11/01 19:38:08;  author: eivind;  state: Exp;  lines: +2 -2
Fix overflow from jail hostname.

Bug found by:   Esa Etelavuori <eetelavu () cc hut fi>
----------------------------

Thanks for delaying your announcement and giving such a detailed
release.

--
-Alfred Perlstein - [bright () wintelcom net|alfred () freebsd org]
"I have the heart of a child; I keep it in a jar on my desk."
