Posted on August 2, 2010
by Ramon de Carvalho Valle
We will be at LinuxCon Brazil 2010, Aug. 31 – Sept. 1, at the World Trade Center Convention Center, São Paulo, Brazil.
This is the official announcement:
The Linux Foundation is pleased to announce the launch of LinuxCon Brazil taking place this fall in São Paulo. LinuxCon is already the premier Linux conference in both North America and Asia, providing an unmatched collaboration and education space for all matters Linux, and we are pleased to be able to extend this event into South America.
LinuxCon Brazil will bring together the best and brightest that the Linux community has to offer, including community developers, system administrators, business executives and operations experts. LinuxCon Brazil will deliver attendees top-notch speaking talent from around the globe, innovative and abundant program content, and a wide variety of opportunities to connect with peers.
We hope to see you there.
View more information about LinuxCon Brazil 2010
Posted on May 23, 2010
by Ramon de Carvalho Valle
We are pleased to announce the release of a new version of our UNIX Assembly Components for Proof of Concept Codes (unixasm).
unixasm is a set of assembly components for proof-of-concept codes on different operating systems and architectures. These components were carefully designed and implemented for maximum reliability, following strict coding standards and requirements such as system call invocation standards and position-independent, register-independent and zero-free code. Special attention was paid to code length when designing and implementing them, resulting in the most reliable and shortest codes available today for this purpose.
Changes in this version:
- Add support for AIX versions 6.1.4, 6.1.3, 6.1.2, 6.1.1, 5.3.10, 5.3.9, 5.3.8 and 5.3.7.
- Change the base value used for calculating the system call numbers and arguments to avoid null bytes in newer versions of AIX.
These components are also available as part of Metasploit Penetration Testing Framework and Metasploit Express as payload modules.
The unixasm project is now version-controlled with Git and hosted on GitHub; you can view the project’s page or the project’s repository on GitHub.
Posted on April 2, 2010
by Ramon de Carvalho Valle
April 18, 2010: I updated the patch with the modifications suggested by Andrea. The problems in building the vmci module on the x86_64 architecture are now fixed.
I released a new patch for VMware Server 2.0.2 which brings some improvements, adds support for newer versions of the Linux kernel and fixes all the problems mentioned in the previous post. The patch was made to be as unintrusive as possible in the VMware Server 2.0.2 code. It was tested on Ubuntu 9.10 (2.6.31-17-generic) and Fedora 12 (2.6.32.10-90.fc12).
Continue reading “VMware Server 2.0.2 Update Patch #2”
Posted on January 10, 2010
by Ramon de Carvalho Valle
April 2, 2010: I released a new patch which brings some improvements, adds support for newer versions of the Linux kernel and fixes all aforementioned problems. The new patch is available here.
January 18, 2010: Radu Cotescu integrated this patch into the latest version of his script, which now applies the patch automatically on Ubuntu, Fedora and openSUSE. The script is available here.
It has been a while since VMware updated VMware Server to add support for newer versions of the Linux kernel. This is a problem for users of newer distributions such as Ubuntu 9.10 (Karmic Koala) and Fedora 12 (Constantine) who want to use VMware Server.
To resolve this, some unofficial patches that update VMware Server to add support for newer versions of the Linux kernel have been released. However, these patches do not add support properly and have several problems; some of them even require the Linux kernel to be recompiled.
Continue reading “VMware Server 2.0.2 Update Patch”
Posted on August 31, 2009
by Ramon de Carvalho Valle
September 10, 2009: I released a third and final version of the exploit. This third version features: complete support for i386, x86_64, ppc and ppc64; the personality trick published by Tavis Ormandy and Julien Tinnes; the TOC pointer workaround for addressing data items on ppc64 (i.e. functions in exploit code and libc can be referenced); improved search for and transition to SELinux types with mmap_zero permission. The third version of the exploit is available here.
September 7, 2009: I released a second version of the exploit. It now also works with Linux kernel versions which implement COW credentials (e.g. Fedora 11). For SELinux-enforced systems, it automatically searches the SELinux policy rules for types with mmap_zero permission it can transition to, and tries to exploit the system with these types. The second version of the exploit is available here.
Continue reading “Illustrating the Linux sock_sendpage() NULL Pointer Dereference on Power/Cell BE Architecture”
Posted on June 11, 2009
by Ramon de Carvalho Valle
Phrack issue #66 was released and features an article written by Rodrigo, titled “Hacking the Cell Broadband Engine Architecture, SPE software exploitation”, which extends our previously published work to the Synergistic Processor Element (SPE) software development and exploitation. The article is available at:
Hacking the Cell Broadband Engine Architecture, SPE software exploitation
Hacking the Cell Broadband Engine Architecture, SPE software exploitation (Phrack Magazine)
Posted on January 14, 2009
by Ramon de Carvalho Valle
The two-part article series I wrote, titled “Linux on Power/Cell BE Architecture Buffer Overflow Vulnerabilities”, is available at IBM developerWorks. This article discusses buffer overflow vulnerabilities in Linux running on Power/Cell BE Architecture processor-based servers and how to exploit them. It also presents a complete set of assembly components for Linux on Power/Cell BE Architecture and their usage. Previous knowledge of buffer overflows is required. The article is available at:
Linux on Power/Cell BE Architecture Buffer Overflow Vulnerabilities
LoP/Cell/B.E.: Buffer overflow vulnerabilities, Part 1 (IBM developerWorks)
LoP/Cell/B.E.: Buffer overflow vulnerabilities, Part 2 (IBM developerWorks)
Posted on December 12, 2008
by Ramon de Carvalho Valle
I published an article I wrote earlier last year, titled “Linux Slab Allocator Buffer Overflow Vulnerabilities”, written in Portuguese (Brazil). This article discusses buffer overflow vulnerabilities in the Linux kernel’s Slab Allocator and how to exploit them. Previous knowledge of buffer overflows is required. The article is available at:
Linux Slab Allocator Buffer Overflow Vulnerabilities
Linux Slab Allocator Buffer Overflow Vulnerabilities (IBM developerWorks Brasil)
Posted on November 17, 2008
by Ramon de Carvalho Valle
We are pleased to announce the release of a new version of our UNIX Assembly Components for Proof of Concept Codes (unixasm).
unixasm is a set of assembly components for proof-of-concept codes on different operating systems and architectures. These components were carefully designed and implemented for maximum reliability, following strict coding standards and requirements such as system call invocation standards and position-independent, register-independent and zero-free code. Special attention was paid to code length when designing and implementing them, resulting in the most reliable and shortest codes available today for this purpose.
Changes in this version:
- Bug fixes to AIX POWER/PowerPC assembly components and payload modules.
- New assembly components and payload modules for AIX POWER/PowerPC.
- New assembly components and payload modules for Linux POWER/PowerPC/Cell BE.
- New assembly components and payload modules for Linux POWER/PowerPC/Cell BE (64-bit).
These components are also available as part of The Metasploit Framework as payload modules.
Posted on September 10, 2008
by Ramon de Carvalho Valle
We are pleased to announce the release of a new version of our UNIX Assembly Components for Proof of Concept Codes (unixasm).
unixasm is a set of assembly components for proof-of-concept codes on different operating systems and architectures. These components were carefully designed and implemented for maximum reliability, following strict coding standards and requirements such as system call invocation standards and position-independent, register-independent and zero-free code. Special attention was paid to code length when designing and implementing them, resulting in the most reliable and shortest codes available today for this purpose.
Changes in this version:
- New assembly components and payload modules for AIX POWER/PowerPC.
These components are also available as part of The Metasploit Framework as payload modules.