Monday, November 30, 2009

Always check return value!

A nice bug inside the FreeBSD runtime linker has been
reported here.

It was good that I hashed my previous exploit
(discovered it some months ago) in my twitter message
from November 5th:

md5 4b1717926ed0d4823622011625fb1824 sha1 6871fd05efbddf7eea4447f7bfdc1c9a45979fe3

Since a public exploit is now available anyway,
I also make my version public and you can check the


to prove it.

I have a strange feeling that this re-discovery comes now,
since I talked to some people regarding BSD bugs lately.
Nevertheless I know kingcope is a skilled reviewer and
it was not the first time he had BSD as a target.

Sunday, November 15, 2009

Adventures in Heap Cloning

Heap seems to be a magic word. I never got download rates
like this for a paper. Since there was no feedback that
told me that I was completely wrong, I am making it
available to a broader public now. A small chapter has been
added: 'Countermeasures'.
The paper is available here.
You probably know that I am not a memory-guy, so do not
expect much more research in this area by me.
I rather really enjoy developing code that hashes
like this:
sha1: c60a0e1daff22c0d97eb03f509c7135d119d830b
md5: fcb19f8317449ad9f93a12fccb63c650

Monday, November 2, 2009

xorl blog seems to be up again

A few weeks/months ago I sadly realized that the author
of the xorl blog was quitting his writeups. Now it seems
that he is continuing his activities. Now I have
something nice to read at the beginning of the day.
Although he doesn't write about vulnerabilities he found
himself, it's one of the better security blogs in my opinion.
I really enjoy reading it and like to recommend it to
everyone interested in software trickery.
I want more OpenBSD foo. :)