Exploiting Linux and PaX ASLR’s weaknesses on 32-bit and 64-bit systems

Hector Marco Gisbert, Ismael Ripoll

Research output: Contribution to conference, Paper

Abstract

In this work, we present four weaknesses in current Linux and PaX ASLR design and implementation:

1) Too low entropy
2) Non-uniform distribution
3) Correlation between objects
4) Inheritance

A proof of concept exploiting the correlation weakness is presented, which bypasses full ASLR on 64-bit Linux in less than one second on a system with ASLR enabled. A deep analysis of all these weaknesses enabled us to propose a new ASLR design. A proof-of-concept implementation on Linux, named ASLR-NG, overcomes all current ASLRs, including the PaX solution. Finally, we present ASLRA, a suite of tools to analyze the ASLR entropy of Linux.
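The entropy and correlation measurements the abstract refers to can be illustrated with a small analysis script, added here as an example (it is not the authors' ASLRA tool); the /proc/PID/maps excerpt, the 28-bit randomization model and the libc offset are constructed for the example.

```python
import math
import random
import re

# Constructed /proc/PID/maps excerpt (addresses made up for this example).
SAMPLE_MAPS = """\
55d3a1c00000-55d3a1c01000 r--p 00000000 08:01 123 /usr/bin/demo
55d3a3f10000-55d3a3f31000 rw-p 00000000 00:00 0   [heap]
7f2e1a400000-7f2e1a5c5000 r--p 00000000 08:01 456 /usr/lib/libc.so.6
7ffd3c7e0000-7ffd3c801000 rw-p 00000000 00:00 0   [stack]
"""

def parse_maps(text):
    """Map each object name/path to the start address of its first mapping."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"([0-9a-f]+)-[0-9a-f]+ \S+ \S+ \S+ \S+\s+(\S+)", line)
        if m and m.group(2) not in out:
            out[m.group(2)] = int(m.group(1), 16)
    return out

def bit_entropy(samples, bits=48):
    """Shannon entropy of each address bit across runs (1.0 = unpredictable, 0.0 = fixed)."""
    n = len(samples)
    hs = []
    for b in range(bits):
        p = sum((s >> b) & 1 for s in samples) / n
        hs.append(0.0 if p in (0.0, 1.0)
                  else -(p * math.log2(p) + (1 - p) * math.log2(1 - p)))
    return hs

def effective_bits(samples, bits=48):
    """Total entropy in bits: below the bit count when bits are fixed or biased."""
    return sum(bit_entropy(samples, bits))

def distinct_deltas(pairs):
    """Distinct (a - b) across runs; 1 means b is fully predictable from a."""
    return len({a - b for a, b in pairs})

def simulate_runs(n=4096, seed=1):
    """Constructed weak layout: 28 random bits above the 4 KiB page offset for
    the mmap base, and libc at a fixed distance below it (object correlation)."""
    rng = random.Random(seed)
    runs = []
    for _ in range(n):
        mmap_base = 0x7F0000000000 | (rng.getrandbits(28) << 12)
        runs.append((mmap_base, mmap_base - 0x1C5000))  # constructed offset
    return runs
```

On a real Linux host the same functions can be fed addresses parsed from /proc/PID/maps of repeated process launches: a delta set of size 1 is the correlation weakness, and fixed or biased bits show up as zero or fractional per-bit entropy.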
Original language: English
Publication status: Published - 29 Mar 2016
Event: Black Hat Asia 2016 - Marina Bay Sands, Singapore, Singapore
Duration: 29 Mar 2016 to 1 Apr 2016
Internet address: https://www.blackhat.com/asia-16/briefings.html

Conference

Conference: Black Hat Asia 2016
Country: Singapore
City: Singapore
Period: 29/03/16 to 1/04/16

Keywords

  • CyberSecurity
  • Linux
  • ASLR


Cite this

Marco Gisbert, H., & Ripoll, I. (2016). Exploiting Linux and PaX ASLR's weaknesses on 32-bit and 64-bit systems. Paper presented at Black Hat Asia 2016, Singapore, Singapore.