Date: Wed, 6 Apr 2016 14:58:48 +0200 From: Hector Marco-Gisbert <hecmargi@....es> To: fulldisclosure@...lists.org, full-disclosure@...ts.grok.org.uk, bugs@...uritytracker.com, bugtraq@...urityfocus.com, oss-security@...ts.openwall.com Subject: CVE-2016-3672 - Unlimiting the stack not longer disables ASLR Hi everyone, We have fixed an old and very known weakness in the Linux ASLR implementation. The weakness allowed any user able to running 32-bit applications in a x86 machine disable the ASLR by setting the RLIMIT_STACK resource to unlimited. This is a very old trick to disable ASLR, but unfortunately it was still present in current Linux systems. Details at: http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html Best, Hector. -- Dr. Hector Marco-Gisbert @ http://hmarco.org/ Cyber Security Researcher @ http://cybersecurity.upv.es Universitat Politècnica de València (Spain)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ