Actu
Vigil@nce: Linux kernel, bypassing ASLR via VDSO
May 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When the Linux kernel is compiled with CONFIG_COMPAT_VDSO, a local
attacker can use it to bypass ASLR, in order to ease the
development of an attack tool.
– Severity: 1/4
– Creation date: 21/05/2012
IMPACTED PRODUCTS
– Fedora
– Linux kernel
– openSUSE
DESCRIPTION OF THE VULNERABILITY
The VDSO (Virtual Dynamically-linked Shared Object) memory page is
used by a process to access to kernel features, without using a
system call. This memory page is enabled when the kernel is
compiled with CONFIG_COMPAT_VDSO.
However, this memory page is always located at the same address.
Moreover, it contains instructions like POP+RET, which are used to
redirect the execution path of an exploit.
When the Linux kernel is compiled with CONFIG_COMPAT_VDSO, a local
attacker can therefore use it to bypass ASLR, in order to ease the
development of an attack tool.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-bypassing-ASLR-via-VDSO-11639
