lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 6 Apr 2016 14:58:48 +0200 From: Hector Marco-Gisbert <hecmargi@....es> To: fulldisclosure@...lists.org, full-disclosure@...ts.grok.org.uk, bugs@...uritytracker.com, bugtraq@...urityfocus.com, oss-security@...ts.openwall.com Subject: CVE-2016-3672 - Unlimiting the stack not longer disables ASLR Hi everyone, We have fixed an old and very known weakness in the Linux ASLR implementation. The weakness allowed any user able to running 32-bit applications in a x86 machine disable the ASLR by setting the RLIMIT_STACK resource to unlimited. This is a very old trick to disable ASLR, but unfortunately it was still present in current Linux systems. Details at: http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html Best, Hector. -- Dr. Hector Marco-Gisbert @ http://hmarco.org/ Cyber Security Researcher @ http://cybersecurity.upv.es Universitat Politècnica de València (Spain)
Powered by blists - more mailing lists