Back to list
CVE-2016-3672 - Unlimiting the stack not longer disables ASLR
Apr 06 2016 12:58PM
Hector Marco-Gisbert (hecmargi upv es)
We have fixed an old and very known weakness in the Linux ASLR implementation.
The weakness allowed any user able to running 32-bit applications in a x86
machine disable the ASLR by setting the RLIMIT_STACK resource to unlimited.
This is a very old trick to disable ASLR, but unfortunately it was still present
in current Linux systems.
Dr. Hector Marco-Gisbert @ http://hmarco.org/
Cyber Security Researcher @ http://cybersecurity.upv.es
Universitat PolitÃ¨cnica de ValÃ¨ncia (Spain)
[ reply ]
Copyright 2010, SecurityFocus