From: Oliver Pinter
To: freebsd-security@freebsd.org
Date: Tue, 19 Jun 2012 00:16:14 +0200
Subject: FYI: Fwd: [Dailydave] CANVAS SYSRET Module

---------- Forwarded message ----------
From: Alex McGeorge
Date: Mon, 18 Jun 2012 10:10:09 -0400
Subject: [Dailydave] CANVAS SYSRET Module
To: dailydave@lists.immunityinc.com, canvas@lists.immunityinc.com

Aloha lists,

There has been a lot of talk about the SYSRET vulnerability [1] recently and even some pretty good write-ups [2]. Of course the best discussion of this bug will undoubtedly come from Rafal at his BlackHat talk in Vegas [3].

For those of you who are eager to see an exploit for this vulnerability in action we've got you covered: http://partners.immunityinc.com/movies/SYSRET-v2.mov . The exploit has been available since Friday to CANVAS Early Updates (CEU) customers for their FreeBSD privilege escalation pleasure, courtesy of our Unix exploit development team. For CEU inquiries please email admin@immunityinc.com .

We were chatting about this on Friday, do other people see FreeBSD in the enterprise on pen-tests? Outside of a few NAS solutions I've seen it employed in source control and for other important tasks (DNS, FTP). Now that Linux is so commonplace is FreeBSD considered exotic?

Cheers,
-AlexM

[1] http://www.kb.cert.org/vuls/id/649219
[2] http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/
[3] https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Wojtczuk

--
Alex McGeorge
Immunity Inc.
1130 Washington Avenue 8th Floor
Miami Beach, Florida 33139
P: 786.220.0600