Full Disclosure mailing list archives
CVE-2016-3672 - Unlimiting the stack not longer disables ASLR
From: Hector Marco-Gisbert <hecmargi () upv es>
Date: Wed, 6 Apr 2016 14:58:48 +0200
Hi everyone, We have fixed an old and very known weakness in the Linux ASLR implementation. The weakness allowed any user able to running 32-bit applications in a x86 machine disable the ASLR by setting the RLIMIT_STACK resource to unlimited. This is a very old trick to disable ASLR, but unfortunately it was still present in current Linux systems. Details at: http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html Best, Hector. -- Dr. Hector Marco-Gisbert @ http://hmarco.org/ Cyber Security Researcher @ http://cybersecurity.upv.es Universitat Politècnica de València (Spain) _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- CVE-2016-3672 - Unlimiting the stack not longer disables ASLR Hector Marco-Gisbert (Apr 06)