[Dailydave] MoKB: Friday-Monday report (1)
L.M.H
lmh at info-pull.com
Mon Nov 6 15:16:57 Local tim 2006
Hi,
It's been a nice weekend, and a couple issues for MoKB have been
released. I prefer to keep people informed through weekly or 4-day
reports. That way the buzz on mailing lists becomes less annoying and
I can get a feedback 'digest'.
Friday 3: FreeBSD 6.1 UFS filesystem ffs_mountfs() integer overflow
http://projects.info-pull.com/mokb/MOKB-03-11-2006.html
Saturday 4: Solaris 10 UFS filesystem alloccgblk denial of service
http://projects.info-pull.com/mokb/MOKB-04-11-2006.html
Sunday 5: Linux 2.6.x ISO9660 __find_get_block_slow() denial of service
http://projects.info-pull.com/mokb/MOKB-05-11-2006.html
Monday 6: Microsoft Windows kernel GDI local privilege escalation
http://projects.info-pull.com/mokb/MOKB-06-11-2006.html
Kernel Fun blog: http://kernelfun.blogspot.com/
Enjoy.
This week will be a nice one. For MOKB-03-11-200, the 'variant' of the
issue will be released probably this Wednesday, altogether with the
proof of concept image.
It could be nice to know what bugs people prefer to be released
earlier. Linux, FreeBSD, OS X, Solaris 10, MS Windows.
BTW, a specific fuzzer for Mac OS X is in the works, and it's not a
'wrapper over mangle'. It's a more targeted one, which I expect to
release in a week or so. I need to release some fsfuzzer modifications
as well (ex. Solaris compatibility changes).
If someone has some money to waste, I would love to have a _cheap_ Mac Mini ;-)
It will be used for testing purposes only (hence why 'money to waste',
I need it for "breaking" it).
I can stick to an Intel-based Macbook for testing but it becomes
rather messy when FileVault and couple other things get in the picture
(and changing accounts, etc; is certainly a tedious, sub-optimal
task).
Cheers.
More information about the Dailydave
mailing list