Date: Tue, 20 Mar 2012 21:10:33 +0800 From: Eugene Teo <eugene@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request -- kernel: execshield: predictable ascii armour base address On 03/20/2012 06:20 PM, Petr Matousek wrote: > When running a binary with a lot of shared libraries, predictable base > address is used for one of the loaded libraries. > > This flaw could be used to bypass ASLR. > > References: > http://scarybeastsecurity.blogspot.com/2012/03/some-random-observations-on-linux-aslr.html > https://bugzilla.redhat.com/show_bug.cgi?id=804947 Use CVE-2012-1568. Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ