Clip 4 / 5 Speaker: Jon Oberheide, University of Michigan as a user-space applications and services that are increasingly hardened against exploits traditional memory error, the operating system kernel must be a source of significant potential for recovery. In particular, the Linux kernel has recently suffered a bout of heavy, high-profile vulnerability and anger in the community safety for the bugs that are known to impact the vulnerability of poorly managed, leading to an award for Pwnie"Lamest Vendor Response." plays the importance of the Linux operating system in many enterprise environments, you must understand the strengths and weaknesses of its security kernel. This presentation will examine the strengths and weaknesses of diving to depths in the exploitation of vulnerabilities in the Linux kernel. With the real world vulnerabilities and exploits, we will detail the traditional classes of vulnerabilities in the kernel, as the diversion of the flow control (via StackDismantling and slab / SLUB / SLOB allocator corruption), invalid userland dereference memory accesses (including null pointer), and information leakage. In addition to the classical error classes, we cover vulnerabilities in operating systems complex semantics to identify the deep knowledge of kernel internal conditions and make subtle (eg, desynchronization in the VM subsystem), some of which were previously considered to require exploitable. We will also examine the attack surfacethe ...
No comments:
Post a Comment