Linux Weaknesses Making It Easier To Get Exploited
Today we will discuss four weaknesses in current Linux and PaX ASLR design and implementation.
1) Too low entropy.
2) Non-uniform distribution.
3) Correlation between objects.
4) Inheritance.
The new technique for exploiting the correlation and weakness is presented, which can bypass full ASLR Linux in 64-bit architecture system in less then a second. A deep analysis of these weaknesses enabled to propose new ASLR design, a concept named as ASLR-NG. This will overcome all the current ASLR’s weaknesses including PaX solution. Finally presents ASLRA, a tool to analyze the ASLR entropy of Linux.
1) Too low entropy.
2) Non-uniform distribution.
3) Correlation between objects.
4) Inheritance.
The new technique for exploiting the correlation and weakness is presented, which can bypass full ASLR Linux in 64-bit architecture system in less then a second. A deep analysis of these weaknesses enabled to propose new ASLR design, a concept named as ASLR-NG. This will overcome all the current ASLR’s weaknesses including PaX solution. Finally presents ASLRA, a tool to analyze the ASLR entropy of Linux.
Articles
0 commentaires :
Enregistrer un commentaire