Affected versions: >= 2.6.17
Fixed in version: 2.6.24.2

Fix

You can download the vmsplice patch locally or from the official LKML thread: [PATCH] vmsplice exploit fix

Patching on Debian Etch

Update 12/02/08: Debian repositories have been updated and contain patched kernels. If you’re using a stock kernel, the following two commands should sort you out (providing you reboot afterwards).

aptitude update
aptitude upgrade

Install kernel sources

export KVER=`uname -r`
aptitude update
aptitude install linux-source-${KVER}
cd /usr/src
tar -xjf linux-source-${KVER}.tar.bz2
ln -s linux-source-${KVER} linux
cd linux

Patch kernel sources

patch < vmsplice.patch -p1

Compile kernel and install

You'll want to copy your existing kernel configuration.

cp /boot/config-${KVER} .config
make-kpkg clean
make-kpkg --initrd --append-to-version=-mykernelname kernel_image
cd ..
dpkg -i linux-image-${KVER}-mykernelname_${KVER}-mykernelname-10.00.Custom_i386.deb
reboot

References

• http://www.isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465246
• http://milw0rm.com/exploits/5092
• http://milw0rm.com/exploits/5093

With the right extensions, firefox can become much more than a web browser. But this isn’t about turning your firefox into a blogging platform or a social bookmarking application. It’s about turning your firefox into one of the best tools for web development, debugging and penetration testing web applications.

The following picture is a mind-map of Firefox extensions that can prove very useful during the security audit of a web application. This picture was taken from the Security Database FireCAT 1.3 article.

Alot of these tools share common functionalities, and some are just plain better than other. It’s all a matter of taste, so I suggest you try them out yourself.

Nevertheless, here is my personal pick of the crop.

Must have

• Firebug. Amazing javascript debugger and DOM inspector. Includes many other tools (profiler, network watch, …).
• SwitchProxy. Switch between different proxy configurations in a couple clicks.
• Add N Edit Cookies. Does exactly what it says on the tin.
• Tamper Data. Lets you view and modify outgoing requests very easily. Includes a handy “replay” function.
• Classic Compact. Not an extension. Just a theme, the default theme in fact, modified to be as compact as possible (because we all need that screen real estate).

Nice to have

• Poster. Lets you forge any HTTP request very easily. Supports common methods (get, post, head, …) file uploading and authentication. It’s like a portable <form> in your pocket.
• Hack Bar. Tool to aid when looking for SQL injections (includes SQL related functions and a few encoders/decoders). I mostly use it as an URL sandbox instead of the single-line address bar.
• Web Developer. Not as ground-breaking as firebug but includes a few handy functions.
• User Agent Switcher. Lets you switch user-agent globally. Includes pre-defined User-Agent strings.
• RefControl.Set your Referer header globally or per domain.
• NoScript. Allow or deny javascript globally, per domain, site, path, time, earth-moon distance, …
• Exploit Me. Suite of tools for automating user input fuzzing (brute-forcing payloads). At time of writing, two extensions are available; “XSS Me” and “SQL Inject Me”.
• ChickenFoot, GreaseMonkey. Scripting environments.

The above mindmap diagram is available in 3 formats:

• firecat_13.png
• firecat_13.pdf
• firecat-13.mm

References

• http://www.security-database.com/toolswatch/FireCAT-Firefox-Catalog-of,302.html