Exploiting Linux and PaX ASLR’s weaknesses on 32-bit and 64-bit systems

Hector Marco Gisbert, Ismael Ripoll

Research output: Contribution to conference › Paper

Abstract

In this work, we present four weaknesses in current Linux and PaX ASLR design and implementation:

1) Too low entropy
2) Non-uniform distribution
3) Correlation between objects
4) Inheritance

A proof of concept exploiting the correlation weakness is presented, which bypasses Full ASLR on 64-bit Linux systems in less than one second, even though the system is protected. A deep analysis of all these weaknesses enabled us to propose a new ASLR design. A proof of concept on Linux, named ASLR-NG, overcomes all current ASLR implementations, including the PaX solution. Finally, we present ASLRA, a tool suite for analyzing the ASLR entropy of Linux.

Conference

Conference: Black Hat Asia 2016
Country: Singapore
City: Singapore
Period: 29/03/16 to 1/04/16
Internet address

Keywords

  • CyberSecurity
  • Linux
  • ASLR

Cite this

Marco Gisbert, H., & Ripoll, I. (2016). Exploiting Linux and PaX ASLR’s weaknesses on 32-bit and 64-bit systems. Paper presented at Black Hat Asia 2016, Singapore, Singapore.
Marco Gisbert, Hector ; Ripoll, Ismael. / Exploiting Linux and PaX ASLR’s weaknesses on 32-bit and 64-bit systems. Paper presented at Black Hat Asia 2016, Singapore, Singapore.
@conference{201a0d9d7dc842b2bb9e083fcec76bd8,
title = "Exploiting Linux and PaX ASLR’s weaknesses on 32-bit and 64-bit systems",
abstract = "In this work, we present four weaknesses in current Linux and PaX ASLR design and implementation: 1) Too low entropy; 2) Non-uniform distribution; 3) Correlation between objects; 4) Inheritance. A proof of concept exploiting the correlation weakness is presented, which bypasses Full ASLR on 64-bit Linux systems in less than one second, even though the system is protected. A deep analysis of all these weaknesses enabled us to propose a new ASLR design. A proof of concept on Linux, named ASLR-NG, overcomes all current ASLR implementations, including the PaX solution. Finally, we present ASLRA, a tool suite for analyzing the ASLR entropy of Linux.",
keywords = "CyberSecurity, Linux, ASLR",
author = "{Marco Gisbert}, Hector and Ismael Ripoll",
year = "2016",
month = "3",
day = "29",
language = "English",
note = "Black Hat Asia 2016 ; Conference date: 29-03-2016 Through 01-04-2016",
url = "https://www.blackhat.com/asia-16/briefings.html",

}

Marco Gisbert, H & Ripoll, I 2016, 'Exploiting Linux and PaX ASLR’s weaknesses on 32-bit and 64-bit systems', paper presented at Black Hat Asia 2016, Singapore, Singapore, 29/03/16 - 1/04/16.

Exploiting Linux and PaX ASLR’s weaknesses on 32-bit and 64-bit systems. / Marco Gisbert, Hector; Ripoll, Ismael.

2016. Paper presented at Black Hat Asia 2016, Singapore, Singapore.


TY - CONF

T1 - Exploiting Linux and PaX ASLR’s weaknesses on 32-bit and 64-bit systems

AU - Marco Gisbert,Hector

AU - Ripoll,Ismael

PY - 2016/3/29

Y1 - 2016/3/29

N2 - In this work, we present four weaknesses in current Linux and PaX ASLR design and implementation: 1) Too low entropy; 2) Non-uniform distribution; 3) Correlation between objects; 4) Inheritance. A proof of concept exploiting the correlation weakness is presented, which bypasses Full ASLR on 64-bit Linux systems in less than one second, even though the system is protected. A deep analysis of all these weaknesses enabled us to propose a new ASLR design. A proof of concept on Linux, named ASLR-NG, overcomes all current ASLR implementations, including the PaX solution. Finally, we present ASLRA, a tool suite for analyzing the ASLR entropy of Linux.

AB - In this work, we present four weaknesses in current Linux and PaX ASLR design and implementation: 1) Too low entropy; 2) Non-uniform distribution; 3) Correlation between objects; 4) Inheritance. A proof of concept exploiting the correlation weakness is presented, which bypasses Full ASLR on 64-bit Linux systems in less than one second, even though the system is protected. A deep analysis of all these weaknesses enabled us to propose a new ASLR design. A proof of concept on Linux, named ASLR-NG, overcomes all current ASLR implementations, including the PaX solution. Finally, we present ASLRA, a tool suite for analyzing the ASLR entropy of Linux.

KW - CyberSecurity

KW - Linux

KW - ASLR

UR - https://www.blackhat.com/asia-16/briefings.html#exploiting-linux-and-pax-aslrs-weaknesses-on-32-bit-and-64-bit-systems

M3 - Paper

ER -

Marco Gisbert H, Ripoll I. Exploiting Linux and PaX ASLR’s weaknesses on 32-bit and 64-bit systems. 2016. Paper presented at Black Hat Asia 2016, Singapore, Singapore.