oss-sec mailing list archives
Re: PIE bypass using VDSO ASLR weakness
From: Reno Robert <renorobert () gmail com>
Date: Thu, 11 Dec 2014 11:15:44 +0530
Given that ASLR is not effective in the VDSO and comes down to 11 quality bits as per paxtest, making return-to-vdso feasible even for a PIE binary, should this be considered a bug and a CVE be assigned?

On Wed, Dec 10, 2014 at 2:25 AM, Daniel Micay <danielmicay () gmail com> wrote:
> On 09/12/14 10:33 AM, Reno Robert wrote:
> > Hi Daniel, COMPAT_VDSO is not enabled. Just that randomization is 20 bits and the same values are generated on repeated execution.
> Ah, I was testing against PaX ASLR :). Sorry for the noise.

--
Regards,
Reno Robert
http://v0ids3curity.blogspot.in/
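As an added example, not code from this thread or from paxtest, the script below performs the kind of measurement the "20 bits" and "same values on repeated execution" observations rest on: it execs fresh processes, reads each one's [vdso] base from /proc/self/maps, and reports how many address bits actually vary and whether bases repeat. It assumes Linux with /proc, 4 KiB pages and a python3 interpreter; the run count is a constructed default.

```python
"""Sample the vDSO base across fresh processes and estimate its randomization.
Constructed example (not paxtest); assumes Linux /proc, 4 KiB pages, python3."""
import math
import subprocess
import sys

PAGE_SHIFT = 12  # assumed 4 KiB pages (x86/x86-64)

# The child prints the start of its own [vdso] mapping. A fresh exec is needed:
# fork() keeps the parent's layout and would hide a weak randomization.
CHILD_SRC = (
    "for l in open('/proc/self/maps'):\n"
    "    if l.rstrip().endswith('[vdso]'): print(l.split('-')[0])\n"
)


def sample_vdso_bases(runs):
    """Exec `runs` fresh interpreters and return each one's vDSO base."""
    bases = []
    for _ in range(runs):
        out = subprocess.check_output([sys.executable, "-c", CHILD_SRC], text=True)
        bases.append(int(out.strip(), 16))
    return bases


def randomization_summary(bases, page_shift=PAGE_SHIFT):
    """distinct: different bases seen; varying_bits: bit positions above the
    page offset that changed at least once (approaches the randomization width
    with enough samples); lower_bound: log2(distinct), a floor on observed
    entropy; repeated: a base came back more than once, the symptom in the thread."""
    if not bases:
        raise ValueError("need at least one sample")
    changed = 0
    for b in bases[1:]:
        changed |= b ^ bases[0]
    changed >>= page_shift  # mappings are page-aligned; low bits never vary
    distinct = len(set(bases))
    return {
        "distinct": distinct,
        "varying_bits": bin(changed).count("1"),
        "lower_bound": math.log2(distinct),
        "repeated": distinct < len(bases),
    }


if __name__ == "__main__":
    runs = int(sys.argv[1]) if len(sys.argv) > 1 else 64
    print(f"{runs} runs:", randomization_summary(sample_vdso_bases(runs)))
```

On a kernel with healthy vDSO randomization, varying_bits should climb toward the expected width as the run count grows and repeated should stay False for small run counts; a flat result after a few hundred runs is the weakness discussed here.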