exploit

In the lab, popping CVE-2013-2171 for FreeBSD 9.0…

Published 11/12/2013 | By TMB

As a security researcher, I’m keen to learn new exploitation techniques and the art of kernel exploitation is no exception. Whilst preparing my slides for 44CON 2013, I was looking for an easy kernel vulnerability to demonstrate. CVE-2013-2171 was a recent vulnerability that was reported in FreeBSD 9.0 which fitted the bill. Continue reading →

Posted in Blog | Tagged analysis, CVE-2013-2171, exploit, FreeBSD

CVE-2013-5065: NDProxy array indexing error unpatched vulnerability

Published 10/12/2013 | By MTB

The purpose of this document is to present a technical report of the CVE-2013-5065 vulnerability. A few days ago, FireEye identified a 0 day kernel exploit embedded within a PDF document actively used in the wild. The vulnerability itself is present in the NDProxy kernel driver. Whilst this is present in all versions of Windows, the vulnerability itself is only present in Windows 2003 and XP. The NDProxy driver is responsible for interfacing NDISWAN and CoNDIS WAN drivers to the TAPI services. Continue reading →

Posted in Blog | Tagged analysis, CVE-2013-5065, exploit, Windows

Memory Squatting: Attacks On System V Shared Memory

Published 13/11/2013 | By TMB

Rather than representing a definitive guide, this document represents a review of the specific security issues identified during Portcullis Computer Security Ltd’s recent research into System V shared memory segments and their usage. Continue reading →

Posted in Whitepapers | Tagged 44CON, analysis, exploit, imisslsd, UNIX

smaSHeM

Published 12/11/2013 | By TMB

smaSHeM is a System V shared memory segment manipulator. Continue reading →

Posted in Tools | Tagged 44CON, conference, exploit, imisslsd, UNIX

CVE-2013-0640: Adobe Reader XFA oneOfChild Un-initialized memory vulnerability (part 2)

Published 15/10/2013 | By MTB

The purpose of this document is to present the second part of a technical report of the CVE-2013-0640 vulnerability targeting Adobe Reader version 9, 10 and 11. It was first spotted in February 2013 and has been used actively in the wild. Continue reading →

Posted in Blog | Tagged Adobe Reader, analysis, CVE-2013-0640, exploit

CVE-2013-0640: Adobe Reader XFA oneOfChild Un-initialized memory vulnerability (part 1)

Published 26/09/2013 | By MTB

This document aims to present a technical report of the CVE-2013-0640 vulnerability targeting Adobe Reader version 9, 10 and 11. It was first spotted in February 2013 and has been used actively in the wild. This is the first article of a set. It covers the full detailed analysis of the bug. Continue reading →

Posted in Blog | Tagged Adobe Reader, analysis, CVE-2013-0640, exploit

I miss LSD

Published 15/09/2013 | By TMB

Presentation on system level vulnerabilities (as given at 44CON 2013). Continue reading →

Posted in Presentations | Tagged 44CON, conference, exploit, imisslsd, root, UNIX

In the lab, popping CVE-2013-4011 for AIX 7.1…

Published 20/07/2013 | By TMB

Early this morning, whilst checking my mail, I saw an interesting advisory come out on one of the lists. The fact that it affects AIX 7.1 was particularly interesting because this is the most recent release. Unlike some of the other commercial UNIX vendors, IBM make their security patches nice and accessible, so I decided to take it for a spin. Continue reading →