IT Security

This is all of my work and findings to date related to IT Security:

Google Summer of Code 2008

I was accepted for Google Summer of Code 2008 to implement auditing of firewall kernel events on FreeBSD as part of the TrustedBSD Project. You can find out more about this on my personal page at FreeBSD.org's wiki.

TrustedBSD Project

I've contributed various patches to the TrustedBSD Project and its sub-projects, such as OpenBSM.

OpenBSD

This was a remote hole in the OpenBSD 4.2 spamd daemon. Although severe, this wasn't in the default install.

Ethereal (now Wireshark)

The following is about a security hole I found in one of Ethereal's packet dissectors. This exploit uses an unusual technique: the overflowed buffer is on the stack but the shellcode is on the heap. I also released a script to find out the correct return address on other Linux distributions.