MoKB: Friday-Monday report (1)

[L.M.H <lmh () info-pull com>]

Hi,

It's been a nice weekend, and a couple issues for MoKB have been
released. I prefer to keep people informed through weekly or 4-day
reports. That way the buzz on mailing lists becomes less annoying and
I can get a feedback 'digest'.

Friday 3:     FreeBSD 6.1 UFS filesystem ffs_mountfs() integer overflow
                 http://projects.info-pull.com/mokb/MOKB-03-11-2006.html

Saturday 4: Solaris 10 UFS filesystem alloccgblk denial of service
                 http://projects.info-pull.com/mokb/MOKB-04-11-2006.html

Sunday 5:   Linux 2.6.x ISO9660 __find_get_block_slow() denial of service
                 http://projects.info-pull.com/mokb/MOKB-05-11-2006.html

Monday 6:   Microsoft Windows kernel GDI local privilege escalation
                 http://projects.info-pull.com/mokb/MOKB-06-11-2006.html

Kernel Fun blog: http://kernelfun.blogspot.com/

Enjoy.

This week will be a nice one. For MOKB-03-11-200, the 'variant' of the
issue will be released probably this Wednesday, altogether with the
proof of concept image.

It could be nice to know what bugs people prefer to be released
earlier. Linux, FreeBSD, OS X, Solaris 10, MS Windows.

BTW, a specific fuzzer for Mac OS X is in the works, and it's not a
'wrapper over mangle'. It's a more targeted one, which I expect to
release in a week or so. I need to release some fsfuzzer modifications
as well (ex. Solaris compatibility changes).

If someone has some money to waste, I would love to have a _cheap_ Mac Mini ;-)
It will be used for testing purposes only (hence why 'money to waste',
I need it for "breaking" it).
I can stick to an Intel-based Macbook for testing but it becomes
rather messy when FileVault and couple other things get in the picture
(and changing accounts, etc; is certainly a tedious, sub-optimal
task).

Cheers.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave