Binding the Daemon: FreeBSD Kernel Stack and Heap Exploitation
- Type
- Paper
- Tags
- buffer overflow, exploiting, FreeBSD, kernel
- Authors
- Patroklos Argyroudis
- Event
- Black Hat EU 2010
- Indexed on
- Mar 26, 2013
- URL
- https://media.blackhat.com/bh-eu-10/whitepapers/Argyroudis/BlackHat-EU-2010-Argyroudis-FreeBSD-wp.pdf
- File name
- BlackHat-EU-2010-Argyroudis-FreeBSD-wp.pdf
- File size
- 1.3 MB
- MD5
- e4c7286d994b98abd726b73ce5c14104
- SHA1
- 457a4b7e29960bcc9a571a1b6a1aab91aa25ec01
FreeBSD (http://www.freebsd.org/) is widely accepted as one of the most reliable and performance-driven operating systems currently available in both the open source and proprietary worlds. While the exploitation of kernel vulnerabilities has been researched in the context of the Windows and Linux operating systems, FreeBSD, and BSD systems in general, have not received the same attention. This presentation will initially examine the exploitation of kernel stack overflow vulnerabilities on FreeBSD. The development process of a privilege escalation kernel stack smashing exploit will be documented for vulnerability CVE-2008-3531. The second part of the presentation will present a detailed security analysis of the Universal Memory Allocator (UMA), the FreeBSD kernel's memory allocator. We will examine how UMA overflows can lead to arbitrary code execution in the context of the latest stable FreeBSD kernel (8.0-RELEASE), and we will develop an exploitation methodology for privilege escalation and kernel continuation.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
