| Real Name | Rodrigo Rubira Branco BSDaemon |
|---|---|
| Email address | rodrigo at kernelhacking.com |
| Website | www.kernelhacking.com/rodrigo |
| First Active | 2004-12-12 |
| Last Active | 2012-05-15 |
This Metasploit module exploits a buffer overflow vulnerability in opcode 21 handled by rpc.cmsd on AIX. By making a request with a long string passed to the first argument of the "rtable_create" RPC, a stack based buffer overflow occurs. This leads to arbitrary code execution.
aff1d1ff1b53822a5be662ef7f7cb50a2f60bbc8bab207ec0fc7df83f3270216AIX RPC.cmsd remote stack buffer overflow proof of concept exploit.
7c8e41a206c1c2240e87d6853f2c71873a26177a618a781f20802d31ab305649iDefense Security Advisory 10.07.09 - Remote exploitation of a stack based buffer overflow vulnerability in IBM Corp.'s AIX could allow an attacker to execute arbitrary code with the privileges of the affected service. rpc.cmsd, more commonly known as the Calendar Manager Service Daemon, is an RPC application used to manage schedules and calendars. It operates over SUN RPC. The vulnerability is triggered when handling a request for remote procedure 21. This function takes two arguments, both of which are XDR strings. When copying the first argument into a stack based buffer, the code does not properly verify its length. This results in a stack based buffer overflow vulnerability. iDefense has confirmed the existence of this vulnerability in AIX versions 5.3 and 5.2.
e622abe9b0845daaab5cfe3b95d2641f11a23e3387e454d48596ac147be98ab7Wordtrans versions 1.1pre15 and below suffer from a remote command execution vulnerability.
9f4ca2d30eb9380812408acde59d76f651d904aae90429f3a7ac90c8aa46f819Wordtrans versions 1.1pre15 and below suffer from a remote command execution vulnerability.
814c6ab1521260d3612b4edbe36693584c0715dc695658fb7981815e541d17ebQNX RTOS phgrafx version 6.3.2 and 6.3.0 suffer from a privilege escalation vulnerability.
e23be13df8fd537aef189f37ab29904476273d422a27ea521008e7f3c337d463Hacking The Cell Architecture - This presentation intends to cover security aspects related to a new architecture, widely deployed and used called Cell. The architecture itself will be deeply explained, focusing on the security concerns that appear in this kind of asymmetric multi-core systems. While Cell architecture is used in the new playstation 3 it is also used in big blade machines.
6652d0e5155144577fa230a1ebfc66f7778e0db6b263a9c2ec8f132977fb67e3FreeBSD Security Advisory - The firewire(4) driver suffers from a kernel memory disclosure flaw.
4db745ec6a09022919249c4b5643014725cec3d5b47739879440d0729ce0431dThe Firewire device enabled by default in the GENERIC kernel for TrusedBSD* defines an IOCTL function which can be malicious called passing a negative buffer length value. This value will bypass the length check (because the value is negative) and will be used in a copyout operation. This is a kernel bug and the system can be compromised by local users and important system information can be disclosed.
f94ae1bcce3d81531804a53063bbcd52822d657019342bcde89ef71668151272The Firewire device enabled by default in the GENERIC kernel for DragonFlyBSD defines an IOCTL function which can be malicious called passing a negative buffer length value. This value will bypass the length check (because the value is negative) and will be used in a copyout operation. This is a kernel bug and the system can be compromised by local users and important system information can be disclosed.
544872d3cf1474aa8017d59d4555b331e3d8e6bc6286478e935ee38627971745The Firewire device enabled by default in the GENERIC kernel for NetBSD defines an IOCTL function which can be malicious called passing a negative buffer length value. This value will bypass the length check (because the value is negative) and will be used in a copyout operation. This is a kernel bug and the system can be compromised by local users and important system information can be disclosed.
13c192bac8d2f8ab8a9022715e1340029f8bed9822169e74a3ea56a0de711ecbThe Firewire device enabled by default in the GENERIC kernel for FreeBSD defines an IOCTL function which can be malicious called passing a negative buffer length value. This value will bypass the length check (because the value is negative) and will be used in a copyout operation. This is a kernel bug and the system can be compromised by local users and important system information can be disclosed.
82423b755e39255304cd291c2c1e57430c3c394fcfe1bff6e87af69b61b6bb54Firewire patch for BSD kernels that fixes an improper length check.
e5d6f7c84c09a9181031304f08adb48507c1fa8f8d06c44330f6609ff4321308The call for papers is open for the Hackers to Hackers Conference being held in November, 2006.
55382a5bcdc4f88194115aa1e7d5f7c18732c40caa229cc5e4cdba265ecb05f0Call For Papers for the Hackers to Hackers Conference III.
a7da981ac3611e29242cc1da96c73efb7f6bd6da4e39b530b84902698c5290ecASM sources for the SCMorphism decoders and simple C programs to test it. Using this as base, you can develop a lot of different decoders by yourself.
4e1c1ee9f38606293dcc7f50ba8b0bbeaabff855d068e90df4ec4ff4939bac30StMichael is a LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.
adc3452e7d816d4e5d6ed1c7456dfebf7c3df08482f47ee327c38bfe49184643StMichael is a LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.
ff8ec12f68893b5afc4a6cec3000fa2633c142ce110705b622d4881cffa2bcf2SCMorphism is a shellcode polymorphism tool designed to automatically encode shellcodes using various decoders and techniques.
4d93424ef8c4a46c30f0f298cbb3f1ce47eedd59c269ff18fb66c97c102afcbdWhitepaper discussing intrusion detection system evasion. It specifically focuses on polymorphic attacks using scmorphism. This document is written in Brazilian Portuguese.
4c01788c64835335cd4d03cfe30a9b30ba0acb96462888063ab547453608b1d0Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.
346d9edcd3235baec8b9dd85be165c5fd6c0f93f2a6bf3252ac21640c24cc291StMichael is a LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.
fbc421f4251b05aecaeb01f939302594c2a7090f9d731b7f6872c015173cd659SCMorphism is a shellcode polymorphism tool designed to automatically encode shellcodes using various decoders and techniques.
29a7d7fa8d76082cb40c9cddaf4b04cbdb5c5ccb23f2aa1cea9f32b7ef9c08d9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed