Eugene Teo

This is a list of security vulnerabilities I found.

CVE            Product   Description
CVE-2006-5751  Linux     get_fdb_entries() integer overflow (MOKB 29/11)
CVE-2008-3276  Linux     DCCP integer overflow
CVE-2008-3526  Linux     SCTP remote integer overflow
CVE-2008-3525  Linux     Missing capability checks in sbni WAN driver
CVE-2008-4445  Linux     SCTP information disclosure
CVE-2008-3528  Linux     ext[234] directory corruption DoS
CVE-2008-5744  Asterisk  Array index error in dahdi/tor2.c driver
CVE-2009-4538  Linux     e1000e remote integer overflow
CVE-2010-1148  Linux     cifs_create() NULL pointer dereference

  • My bug activity on Red Hat Bugzilla
  • My security activity on oss-security list
  • Some Linux kernel fixes I contributed during my limited free time
  • kernel: add '-fno-delete-null-pointer-checks' to gcc CFLAGS
  • sctest: unhooked call to GetTempPathA.
  • Interesting dailydave/blog post about a kernel vulnerability I spotted that was fixed silently upstream. Unfortunately, this happened too frequently.
  • Workaround the /dev/mem restriction
  • rmem.ko required for RSTJ compliance (argh...)
  • Missing range_is_allowed() check in mmap_mem()
    This is/can be abused by rootkits like phalanx2. Upstream is not affected. Greets rebel :)
  • A quick overview of Linux kernel crash dump analysis article
  • Exploiting kmalloc overflows to own j00, SyScAN 2005
  • Problem Solving with SystemTap, Red Hat Summit 2007
  • Writing SystemTap Scripts, GNOME.Asia Summit 2008, Beijing
  • Some recent Linux kernel security bugs, SFD2009, BLUG, and Linuxfb
  • linux/x86 /bin/sh sysenter Opcode Array Payload
  • Many other SystemTap scripts I wrote in the past.
  • pfiles SystemTap script for Linux.
  • errsnoop SystemTap script.
  • Measuring Security Risks with CVSS, 2nd All Bout Security Seminar 2010
  • Kbase: How to mitigate against NULL pointer dereference vulnerabilities?