oss-sec mailing list archives
Re: CVE-Request - Offset2lib
From: Daniel Micay <danielmicay () gmail com>
Date: Sun, 15 Feb 2015 08:07:23 -0500
On 15/02/15 07:38 AM, Hector Marco wrote:
> Hello,
>
> Offset2lib is a security weakness in the implementation of the ASLR in GNU/Linux when the executable is PIE compiled, which affects all architectures except s390.
>
> Advisory URL: http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html
> Link to patch submission: https://lkml.org/lkml/2015/1/7/527
>
> Can a CVE be assigned to this please?
>
> Thank you.
> Hector Marco.
This kind of room for improvement in the ASLR implementation doesn't seem like it's worthy of a CVE. There are many ways of making it more fine grained, but there are diminishing returns. This won't help if there are usable ROP gadgets in the application code. AFAIK, it didn't attempt / claim to offer this level of granularity, so it's not the same as something like the vdso issue where an expected exploit mitigation was totally broken. It could also add a gap between each library and do more than just base randomization for mmap... but it's an endless rabbit hole and at some point the costs become significant, while the gains are dubious.
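The weakness under discussion is that a PIE executable was mapped at a fixed distance from the shared libraries, so one leaked address fixes the whole layout. The following check, an added example that is not code from this thread or from the advisory, parses /proc/<pid>/maps text and reports whether the executable-to-libc distance stays constant across runs; the WEAK_RUNS and FIXED_RUNS excerpts, the /demo path and all function names are constructed for illustration, and live_distance() assumes a Linux /proc layout.

```python
import os
import re
import sys

# Constructed /proc/<pid>/maps excerpts (not captured from a real system).
# WEAK_RUNS: executable sits right below the libraries, so the distance to
# libc is identical on both runs. FIXED_RUNS: the ET_DYN base is randomized
# separately, so the distance changes between runs.
WEAK_RUNS = [
    "7f3a1c600000-7f3a1c601000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "7f3a1c801000-7f3a1c9c0000 r-xp 00000000 08:01 5678 /lib/libc-2.19.so\n",
    "7f9b44a00000-7f9b44a01000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "7f9b44c01000-7f9b44dc0000 r-xp 00000000 08:01 5678 /lib/libc-2.19.so\n",
]
FIXED_RUNS = [
    "55d3c2e00000-55d3c2e01000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "7f1e0a201000-7f1e0a3c0000 r-xp 00000000 08:01 5678 /lib/libc-2.19.so\n",
    "5637f1400000-5637f1401000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "7fb2c8601000-7fb2c87c0000 r-xp 00000000 08:01 5678 /lib/libc-2.19.so\n",
]
MAPS_LINE = re.compile(r"^([0-9a-f]+)-[0-9a-f]+ \S+ \S+ \S+ \S+\s+(/\S+)$")
LIBC = r"/libc[.-]"  # matches libc.so.6 and libc-<ver>.so, not libcrypto

def lowest_base(maps_text, path_regex):
    """Lowest start address of any mapping whose path matches path_regex."""
    bases = [int(m.group(1), 16)
             for m in map(MAPS_LINE.match, maps_text.splitlines())
             if m and re.search(path_regex, m.group(2))]
    return min(bases) if bases else None

def exe_to_lib_distance(maps_text, exe=r"/demo$", lib=LIBC):
    """Bytes from the executable's base to libc's base, or None if unmapped."""
    exe_base, lib_base = lowest_base(maps_text, exe), lowest_base(maps_text, lib)
    if exe_base is None or lib_base is None:
        return None
    return lib_base - exe_base

def distance_is_constant(runs, exe=r"/demo$", lib=LIBC):
    """True when every run shows the same distance: leaking either address
    then reveals the other, which is the Offset2lib weakness."""
    distances = {exe_to_lib_distance(r, exe, lib) for r in runs}
    return len(distances) == 1 and None not in distances

def live_distance():
    """Same measurement for this interpreter via /proc/self/maps (Linux only;
    None if unavailable). Run it several times and compare the values."""
    if not os.path.exists("/proc/self/maps"):
        return None
    with open("/proc/self/maps") as f:
        text = f.read()
    exe = re.escape(os.path.realpath(sys.executable)) + "$"
    return exe_to_lib_distance(text, exe, LIBC)
```

A constant value from repeated live_distance() runs of a PIE interpreter indicates the pre-patch behaviour; a value that changes per run indicates the executable base is randomized independently of the mmap base.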