| Real Name | Rodrigo Rubira Branco (BSDaemon) |
|---|---|
| Email address | rodrigo at kernelhacking.com |
| Website | www.kernelhacking.com/rodrigo |
| First Active | 2004-12-12 |
| Last Active | 2012-05-15 |
This Metasploit module exploits a buffer overflow vulnerability in opcode 21 handled by rpc.cmsd on AIX. By making a request with a long string passed to the first argument of the "rtable_create" RPC, a stack-based buffer overflow occurs. This leads to arbitrary code execution.
aff1d1ff1b53822a5be662ef7f7cb50a2f60bbc8bab207ec0fc7df83f3270216
AIX RPC.cmsd remote stack buffer overflow proof of concept exploit.
7c8e41a206c1c2240e87d6853f2c71873a26177a618a781f20802d31ab305649
iDefense Security Advisory 10.07.09 - Remote exploitation of a stack-based buffer overflow vulnerability in IBM Corp.'s AIX could allow an attacker to execute arbitrary code with the privileges of the affected service. rpc.cmsd, more commonly known as the Calendar Manager Service Daemon, is an RPC application used to manage schedules and calendars. It operates over SUN RPC. The vulnerability is triggered when handling a request for remote procedure 21. This function takes two arguments, both of which are XDR strings. When copying the first argument into a stack-based buffer, the code does not properly verify its length. This results in a stack-based buffer overflow vulnerability. iDefense has confirmed the existence of this vulnerability in AIX versions 5.3 and 5.2.
e622abe9b0845daaab5cfe3b95d2641f11a23e3387e454d48596ac147be98ab7
Wordtrans versions 1.1pre15 and below suffer from a remote command execution vulnerability.
9f4ca2d30eb9380812408acde59d76f651d904aae90429f3a7ac90c8aa46f819
Wordtrans versions 1.1pre15 and below suffer from a remote command execution vulnerability.
814c6ab1521260d3612b4edbe36693584c0715dc695658fb7981815e541d17eb
QNX RTOS phgrafx versions 6.3.2 and 6.3.0 suffer from a privilege escalation vulnerability.
e23be13df8fd537aef189f37ab29904476273d422a27ea521008e7f3c337d463
Hacking The Cell Architecture - This presentation covers security aspects of Cell, a new and widely deployed architecture. The architecture itself is explained in depth, focusing on the security concerns that arise in this kind of asymmetric multi-core system. While the Cell architecture is used in the PlayStation 3, it is also used in large blade machines.
6652d0e5155144577fa230a1ebfc66f7778e0db6b263a9c2ec8f132977fb67e3
FreeBSD Security Advisory - The firewire(4) driver suffers from a kernel memory disclosure flaw.
4db745ec6a09022919249c4b5643014725cec3d5b47739879440d0729ce0431d
The Firewire device enabled by default in the GENERIC kernel for TrustedBSD defines an IOCTL function which can be maliciously called with a negative buffer length value. This value bypasses the length check (because the value is negative) and is then used in a copyout operation. This is a kernel bug: the system can be compromised by local users and important system information can be disclosed.
f94ae1bcce3d81531804a53063bbcd52822d657019342bcde89ef71668151272
The Firewire device enabled by default in the GENERIC kernel for DragonFlyBSD defines an IOCTL function which can be maliciously called with a negative buffer length value. This value bypasses the length check (because the value is negative) and is then used in a copyout operation. This is a kernel bug: the system can be compromised by local users and important system information can be disclosed.
544872d3cf1474aa8017d59d4555b331e3d8e6bc6286478e935ee38627971745
The Firewire device enabled by default in the GENERIC kernel for NetBSD defines an IOCTL function which can be maliciously called with a negative buffer length value. This value bypasses the length check (because the value is negative) and is then used in a copyout operation. This is a kernel bug: the system can be compromised by local users and important system information can be disclosed.
13c192bac8d2f8ab8a9022715e1340029f8bed9822169e74a3ea56a0de711ecb
The Firewire device enabled by default in the GENERIC kernel for FreeBSD defines an IOCTL function which can be maliciously called with a negative buffer length value. This value bypasses the length check (because the value is negative) and is then used in a copyout operation. This is a kernel bug: the system can be compromised by local users and important system information can be disclosed.
82423b755e39255304cd291c2c1e57430c3c394fcfe1bff6e87af69b61b6bb54
Firewire patch for BSD kernels that fixes an improper length check.
e5d6f7c84c09a9181031304f08adb48507c1fa8f8d06c44330f6609ff4321308
The call for papers is open for the Hackers to Hackers Conference being held in November, 2006.
55382a5bcdc4f88194115aa1e7d5f7c18732c40caa229cc5e4cdba265ecb05f0
Call For Papers for the Hackers to Hackers Conference III.
a7da981ac3611e29242cc1da96c73efb7f6bd6da4e39b530b84902698c5290ec
ASM sources for the SCMorphism decoders and simple C programs to test them. Using these as a base, you can develop many different decoders yourself.
4e1c1ee9f38606293dcc7f50ba8b0bbeaabff855d068e90df4ec4ff4939bac30
StMichael is an LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.
adc3452e7d816d4e5d6ed1c7456dfebf7c3df08482f47ee327c38bfe49184643
StMichael is an LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.
ff8ec12f68893b5afc4a6cec3000fa2633c142ce110705b622d4881cffa2bcf2
SCMorphism is a shellcode polymorphism tool designed to automatically encode shellcodes using various decoders and techniques.
4d93424ef8c4a46c30f0f298cbb3f1ce47eedd59c269ff18fb66c97c102afcbd
Whitepaper discussing intrusion detection system evasion. It specifically focuses on polymorphic attacks using SCMorphism. This document is written in Brazilian Portuguese.
4c01788c64835335cd4d03cfe30a9b30ba0acb96462888063ab547453608b1d0
Saint Jude LKM is a Linux Kernel Module for the 2.2.0 and 2.4.0 series of kernels. This module implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local and remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.
346d9edcd3235baec8b9dd85be165c5fd6c0f93f2a6bf3252ac21640c24cc291
StMichael is an LKM that attempts to provide a level of protection against kernel-module rootkits. StMichael is designed to be loaded early in the system boot process, and is intended to be present and running on its host system prior to the introduction of malicious kernel modules. StMichael provides this protection by monitoring various portions of the kernel, and optionally the entire kernel text itself, for modifications that may indicate the presence of a malicious kernel module. If rootkit-like activity is detected, StMichael will attempt to recover the kernel's integrity by rolling back the changes made to a previously known-good state.
fbc421f4251b05aecaeb01f939302594c2a7090f9d731b7f6872c015173cd659
SCMorphism is a shellcode polymorphism tool designed to automatically encode shellcodes using various decoders and techniques.
29a7d7fa8d76082cb40c9cddaf4b04cbdb5c5ccb23f2aa1cea9f32b7ef9c08d9