Black Hat Europe 2011 update
Black Hat Europe 2011 is now over and we are very happy to have participated once again in the best European IT security conference!
FreeBSD kernel NFS client local vulnerabilities
| CENSUS ID: | CENSUS-2010-0001 |
| CVE ID: | CVE-2010-2020 |
| Affected Products: | FreeBSD 8.0-RELEASE, 7.3-RELEASE, 7.2-RELEASE |
| Class: | Improper Input Validation (CWE-20) |
| Remote: | No |
| Discovered by: | Patroklos Argyroudis |
We have discovered two improper input validation vulnerabilities in the FreeBSD kernel’s NFS client-side implementation (FreeBSD 8.0-RELEASE, 7.3-RELEASE and 7.2-RELEASE) that allow local unprivileged users to escalate their privileges, or to crash the system by performing a denial of service attack.
FreeBSD kernel exploitation mitigations
In my recent Black Hat Europe 2010 talk I gave an overview of the kernel exploitation prevention mechanisms that exist on FreeBSD. A few people at the conference have subsequently asked me to elaborate on the subject. In this post I will collect all the information from my talk and the various discussions I had in the Black Hat conference hallways.
Black Hat Europe 2010 update
Black Hat Europe 2010 is now over and after a brief ash cloud caused delay I am back in Greece. It has been a great conference, flawlessly organised and with many outstanding presentations. I would like to thank everyone that attended my presentation but also all the kind people that spoke to me before and afterwards. I hope to meet all of you again at a future event.