sysc.tl

4 Comments for this entry

• Marko
  September 28th, 2010 on 12:26

  I would like to check if my system is vulnerable.

  I have a lot of 2.6.26-2-xen-amd64 and 2.6.18-6-xen-amd64 kernels running as a xen domU, and it’s not clear for me if the vulnerability applies also within the domU.

  Can you provide the source code of your port?
• argp
  October 8th, 2010 on 20:39

  Unfortunately I currently cannot. However it is easily portable to Debian.
• feliz
  January 28th, 2011 on 11:09

  Looking forward to more exploits.
• tomkap
  February 16th, 2011 on 11:35

  @Marko, check this one: http://users.irx.gr/~tomkap/diagnose-2010-3081.c

• The third argument to ioctl() is traditionally
  named char *argp.

• Recent posts

  • Heap Exploitation Abstraction by Example – OWASP AppSec Research 2012
  • Black Hat USA 2012: Owning Firefox’s Heap
  • Pseudomonarchia jemallocum
  • The Linux kernel memory allocators from an exploitation perspective
  • may 2011 0day
  • Short Black Hat Europe 2011 review
  • Protecting the Core – Black Hat Europe 2011
  • CVE-2010-3081 exploit for Debian Linux
  • FreeBSD kernel NFS client local vulnerabilities
  • FreeBSD kernel exploitation mitigations

• Tags

  advisories authentication authorization black hat census code conference cryptography debugging exploit exploitation exploitation mitigation firefox freebsd google gpg graph heap ibe irssi jemalloc kernel kernel heap keysigning last.fm linux memory corruption protection opensolaris perl pgp phrack pki python research security slub solaris ssh trust management uma userland heap web of trust windows wireless æther

• Twitter

  • @ilfak Does the Hex Rays Decompiler SDK have Python bindings? 16 hours ago
  • :( code.google.com/p/pyhexrays/ 17 hours ago
  • Rotting Christ aren’t that interesting any more, but their cover of Diamanda Galas’ Orders from the Dead is epic: youtube.com/watch?v=tGR27s… 18 hours ago
  • @jduck What article? in reply to jduck 1 day ago
  • RT @rantyben: @_argp @quine GET OFF MY LAWN 2 days ago
  • @rantyben @quine ca-can we have our ball back si-sir? in reply to rantyben 2 days ago
  • @quine fuzzing with jpgs? ;) in reply to quine 2 days ago
  • So this Friday you should all follow @justdionysus :) 2 days ago
  • I modified @justdionysus‘ BlockCov a bit and used it with IDA’s proximity browser to do manual coverage analysis: flickr.com/photos/argp/87… 2 days ago
  • @cBekrar @ioerror Is there a sample available somewhere? in reply to cBekrar 2 days ago

  Follow Me on Twitter

• Categories

  • advisories
  • code
  • exploitation
  • freebsd
  • greek
  • hacks
  • kernel
  • linux
  • mac os x
  • research
  • security

• Meta

  • Log in
  • Valid XHTML