NetBSD NFS Kernel Vulnerability

This was from InfoSect's first group auditing session.

http://mail-index.netbsd.org/source-changes/2018/01/25/msg091481.html

There must be a lot of embedded NetBSD systems running NFS..

Comments

Post a comment

Popular posts from this blog

Heap Exploitation in Chrome's PartitionAlloc - part 1

Image
Dr Silvio Cesare
@silviocesare
Summary PartitionAlloc is the hardened heap allocator used in Google's Chrome web browser. It is susceptible to a number of attacks. This blog post describes the first attack in a series of posts. I will talk about freelist poisoning and how to make an allocation request return an arbitrary pointer. This can be used with application-logic to develop an arbitrary write primitive.
Introduction In heap allocators, freelists maintain a group of free memory chunks that are available to be recycled by an allocation request. Freelist poisoning corrupts this list and injects a "fake chunk" pointer. A later allocation will return this fake chunk pointer. So it is possible to make an allocation request return an arbitrary pointer.

I have blogged about freelist poisoning extensively. It is a common attack that many allocators are vulnerable to.

https://blog.infosectcbr.com.au/2020/03/weaknesses-in-linux-kernel-heap.html
https://blog.infosectcbr.com.au/2…
Read more