This Metasploit module exploits a vulnerability in the FreeBSD kernel when running on 64-bit Intel processors. By design, 64-bit processors following the x86-64 specification will trigger a general protection fault (GPF) when executing a SYSRET instruction with a non-canonical address in the RCX register. However, Intel processors check for a non-canonical address prior to dropping privileges, causing a GPF in privileged mode. As a result, the current userland RSP stack pointer is restored and executed, resulting in privileged code execution.
f1711c3320d7c4e9f80661d007057fb1b0b673f47fb51ec2968a821bc6aa8991
FreeBSD Security Advisory - The FreeBSD operating system implements a rings model of security, where privileged operations are done in the kernel, and most applications request access to these operations by making a system call, which puts the CPU into the required privilege level and passes control to the kernel. FreeBSD/amd64 runs on CPUs from different vendors. Due to varying behaviour of CPUs in 64-bit mode, a sanity check of the kernel may be insufficient when returning from a system call. Successful exploitation of the problem can lead to local kernel privilege escalation, kernel data corruption and/or crash.
50ab73e18c85232ccd993cef89e2d46586aa4f827d36aa88ad33256fe4a53d2d
Whitepaper entitled "Adventures with a certain Xen vulnerability (in the PVFB backend)".
dc2c1f613ed2294698e11fed5a558cda1fc7acdf157f9e6e5393eec8a6b2f4d5
An information disclosure vulnerability exists in the Microsoft Server service that could allow an attacker to retrieve fragments of memory from an affected host via the host's SMB server. Affected products include Microsoft Windows 2000, Microsoft Windows XP with Service Pack 1, Microsoft Windows XP with Service Pack 2, Microsoft Windows Server 2003, and Microsoft Windows Server 2003 with Service Pack 1.
cf894ff8c6ca42cce5295a939abdf2e99274c7a324d9f99877c347bc5b1efefc