Saturday, November 11, 2006

Wireless fun with MOKB-11-11-2006


The Broadcom BCMWL5.SYS wireless device driver is vulnerable to a stack-based buffer overflow that can lead to arbitrary kernel-mode code execution. This particular vulnerability is caused by improper handling of 802.11 probe responses containing a long SSID field. The BCMWL5.SYS driver is bundled with new PCs from HP, Dell, Gateway, eMachines, and other computer manufacturers. Broadcom has released a fixed driver to their partners, which are in turn providing updates for the affected products. Linksys, Zonet, and other wireless card manufacturers also provide devices that ship with this driver.

More details and proof of concept (exploit) at http://projects.info-pull.com/mokb/MOKB-11-11-2006.html.
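The kind of length validation a probe response parser needs before copying an SSID into a fixed-size buffer, as an added example (not Broadcom's code and not part of the MoKB advisory). The function name, return codes and sample byte arrays are assumptions constructed for illustration; the 32-byte limit is the maximum SSID length in 802.11.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_SSID      0   /* 802.11 element ID of the SSID element */
#define SSID_MAX_LEN 32  /* longest SSID the 802.11 standard allows */

enum { SSID_OK = 0, SSID_MISSING = -1, SSID_MALFORMED = -2 };

/* Constructed sample element lists (ID, length, value), not captured traffic. */
static const uint8_t sample_ok[]    = { 0x00, 4, 'h', 'o', 'm', 'e', 0x03, 1, 6 };
static const uint8_t sample_long[2 + 40] = { 0x00, 40 };  /* SSID length 40 > 32 */
static const uint8_t sample_trunc[] = { 0x00, 16, 'a' };  /* claims 16, carries 1 */

/* Hypothetical helper: copy the SSID into out[] only after both length checks pass. */
int extract_ssid(const uint8_t *ies, size_t ies_len,
                 uint8_t out[SSID_MAX_LEN], size_t *out_len)
{
    size_t off = 0;
    while (ies_len - off >= 2) {
        uint8_t id = ies[off], len = ies[off + 1];
        off += 2;
        if (len > ies_len - off)        /* element runs past the frame body */
            return SSID_MALFORMED;
        if (id == IE_SSID) {
            if (len > SSID_MAX_LEN)     /* without this, memcpy overruns out[] */
                return SSID_MALFORMED;
            memcpy(out, ies + off, len);
            *out_len = len;
            return SSID_OK;
        }
        off += len;                     /* skip elements we do not care about */
    }
    return SSID_MISSING;
}

int main(void)
{
    uint8_t ssid[SSID_MAX_LEN];
    size_t n = 0;
    printf("ok=%d long=%d trunc=%d\n",
           extract_ssid(sample_ok, sizeof sample_ok, ssid, &n),
           extract_ssid(sample_long, sizeof sample_long, ssid, &n),
           extract_ssid(sample_trunc, sizeof sample_trunc, ssid, &n));
    return 0;
}
```

The length byte of an element can encode up to 255, so a parser that trusts it when copying into a 32-byte stack buffer is exposed; the same two comparisons also work as a monitoring rule for flagging oversized SSID elements in captured frames.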

Tuesday, November 07, 2006

kdump for Fedora Core 6 (and more Month of Kernel Bugs fun)

A nice how-to document about setting up kdump to work with the official kernel packages of Fedora Core 6. Neat for those who use FC 6 and deal with kernel panics, oopses, soft lockups, etc. Even better if you have the reference for the crash tool (which makes the gdb command line similar to the Solaris (k)mdb debugger, probably one of the best kernel debugging tools out there).

Not so nice that Mac OS X still has no support for local kernel 'core' dumps, even if it's based on FreeBSD which already does this out of the box with the proper settings. Maybe for the next service pack :-).
Anyway, the MoKB release of today: MOKB-07-11-2006 - Linux 2.6.x zlib_inflate memory corruption. Also at the Kernel Fun blog.

Wednesday, November 01, 2006

First Month of Kernel Bugs (MoKB) release

The first MoKB release is out (a memory corruption bug in the Apple Airport device drivers that can lead to arbitrary code execution, contributed by HD). Also, the archive is up and running, along with the BSD version of fsfuzzer. Kelly Jackson from Dark Reading has written two nice articles about MoKB. An article has also been written by Brian Krebs for the Security Fix blog of the Washington Post.