Questions tagged [aslr]

Address Space Layout Randomisation (ASLR) is an exploit mitigation that randomises the base addresses of the executable, shared libraries, stack, heap and other in-memory structures each time a process starts. It does not fix the underlying memory-corruption bug; it makes exploits that depend on a fixed address (for shellcode, return targets or ROP gadgets) unreliable unless the attacker can leak, guess or partially overwrite an address.

93 questions
1
vote
0 answers

Fedora 3 Disable Address Randomization

I want to disable address space layout randomization on my Fedora 3 virtual machine. I tried to go to /proc/sys/kernel/randomize_va_space. Unlike on a normal Linux machine, such a file doesn't exist on Fedora 3. How do I disable ASLR for Fedora 3? Is the…
Jonah
  • 19
  • 2
1
vote
0 answers

Does ASLR definitely end the possibility of code execution in the case of filesystem heap overflows?

Local-only filesystems (like NTFS or btrfs) consist of many data structures that require very complex code to parse. So such filesystems, if implemented in user space, can suffer from buffer overflow vulnerabilities like many parsers. In that…
user2284570
  • 1,402
  • 1
  • 14
  • 33
1
vote
1 answer

Trying to understand ASLR in Ubuntu 16.04

Has something changed here? No matter whether I set randomize_va_space, the stack will always have an offset of 0. Afaik it should be a random number, right? .... f7fd8000-f7fd9000 r-xp 00000000 00:00 0 …
AdHominem
  • 3,006
  • 1
  • 16
  • 26
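An added example, not code from the question above: on a current Linux kernel the per-process counterpart of the global randomize_va_space sysctl is the ADDR_NO_RANDOMIZE persona flag (what `setarch -R` sets). The flag only affects images exec'd after it is set, not the mappings already in place, so the program below re-execs itself through /proc/self/exe and prints the address of a stack local before and after; run it a few times and compare the two lines. It assumes Linux with personality(2) and /proc mounted.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/personality.h>

/* Report whether the ADDR_NO_RANDOMIZE flag is set on the current persona.
 * Returns 1 (set), 0 (not set) or -1 (personality(2) failed). */
int aslr_disabled(void) {
    int cur = personality(0xffffffff);      /* 0xffffffff = query, do not change */
    if (cur == -1) return -1;
    return (cur & ADDR_NO_RANDOMIZE) ? 1 : 0;
}

/* Set ADDR_NO_RANDOMIZE. It is inherited across exec, so anything this process
 * runs afterwards gets an unrandomised layout; the current image is unaffected. */
int disable_aslr_for_children(void) {
    int cur = personality(0xffffffff);
    if (cur == -1) return -1;
    if (personality(cur | ADDR_NO_RANDOMIZE) == -1) return -1;
    return aslr_disabled();
}

/* Address of a stack local in this process, for the reader to compare across runs. */
uintptr_t stack_probe(void) {
    int local = 0;
    return (uintptr_t)&local;
}

int main(int argc, char **argv) {
    /* Second pass, after the re-exec: the flag was inherited, so print and leave. */
    if (argc > 1 && strcmp(argv[1], "--child") == 0) {
        printf("child  aslr_disabled=%d stack=%#lx\n",
               aslr_disabled(), (unsigned long)stack_probe());
        return 0;
    }
    printf("parent aslr_disabled=%d stack=%#lx\n",
           aslr_disabled(), (unsigned long)stack_probe());
    if (disable_aslr_for_children() != 1) {
        perror("personality");
        return 1;
    }
    /* Re-exec ourselves so the new persona applies to a fresh image. */
    execl("/proc/self/exe", argv[0], "--child", (char *)NULL);
    perror("execl");
    return 1;
}
```

Across several runs the parent's stack address moves while the child's stays put, which is the same effect as `setarch $(uname -m) -R ./prog` or writing 0 to randomize_va_space, but scoped to one process tree and needing no root. If the flag cannot be set, the usual causes are a seccomp policy or a kernel built without the persona support.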
1
vote
0 answers

Researchers Bypass ASLR Protection on Intel Haswell CPUs

See Softpedia and research paper. Could we somehow prevent this attack on various OS?
Peter84753
  • 101
  • 5
1
vote
1 answer

How to turn off ASLR under Windows?

I'm experimenting a bit with format-string attacks with a little program (all vulnerabilities intended): #include int main(int argc, char *argv[]) { char string[100]; gets(string); char * secret1 = "This is secret"; char *…
AdHominem
  • 3,006
  • 1
  • 16
  • 26
1
vote
1 answer

Is the FIPS module of OpenSSL with a fixed base address a security risk?

The latest OpenSSL library has a FIPS module which needs to be built with a fixed base address to be called FIPS compliant. The rationale behind this is that having a fixed base address enables them to do an integrity check of the library. I…
Limit
  • 3,191
  • 1
  • 16
  • 35
1
vote
1 answer

How to circumvent ASLR without pointer leaks

Is there a way to circumvent ASLR without pointer leaks? I mean, I read many exploit development course syllabuses, and many of them talk about bypassing ASLR without pointer leaks. Can anyone explain to me how this is done? I read How "leaking pointers" to…
adrián
  • 41
  • 1
  • 8
0
votes
2 answers

Debian missing security features?

Debian (stable) is a well respected server Linux distro. I was surprised to see that in their hardening walkthrough (https://wiki.debian.org/HardeningWalkthrough) they do not support position independent executables (and ASLR and a few other useful…
Anthony Kraft
  • 1,139
  • 1
  • 8
  • 18
0
votes
1 answer

How much is ASLR effectiveness impacted by different ABIs?

Linux has multiple x86 ABIs: ia32, x32 and x86_64. ia32 and x32 both use 32 bit addresses for addressing and x86_64 uses 64 bit. Now, the question: Since the size of the memory space should affect how much addresses could be randomized, how much…
0
votes
0 answers

_libc_csu_init address is getting corrupted in x86_64

I am trying to bypass ASLR using the return-to-PLT attack. For this I have to use the gadget pop rdi; ret. I was able to find this gadget in __libc_csu_init, but for some reason whenever I use this address it gets corrupted on the stack. I can use…
0
votes
0 answers

Which methods are used besides ASLR for stack randomization?

I've been working with buffer overflow attacks, and I would like to know if there is another method for stack randomization besides ASLR.
0
votes
0 answers

How does ASLR work

I have read about ASLR and understand that it randomizes the location in memory where an executable is loaded every time it is run. But I have a doubt: take the example of an ELF executable. It tells where the program should be loaded in virtual…
OSdev
  • 1
0
votes
0 answers

OpenSSL 1.0.2, for 32 bit FIPS, is doing a base-address verification. Where and how is that implemented?

We build OpenSSL in FIPS mode, to be used as a DLL. According to the OpenSSL FIPS module (https://www.openssl.org/docs/fips/UserGuide-1.2.pdf), we supply a parameter to the compiler --with-baseaddr=0xFB00000. This parameter allows an integrity check…
tamir
  • 1
  • 1
0
votes
1 answer

Fixed offset in linux ASLR?

I just printed function addresses and the offset between two functions, but the offset is fixed whenever the program is executed (only the base address changes). Code (test.c) #include #include void func() { …
user257164
  • 103
  • 2
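An added example, not code from this question or from the earlier one on bypassing ASLR without pointer leaks: ASLR relocates a module as a unit, so the distance between two functions in the same image is the link-time constant readable from the binary on disk (the behaviour observed above), and one leaked pointer is enough to recompute every other address in that module. The same page-granular relocation is why the low 12 bits of an address never change, which is what leak-free partial overwrites of a saved pointer rely on. The function names are made up for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Two functions in the same image (made-up names). ASLR moves the whole image,
 * so their distance is fixed at link time even though their absolute
 * addresses change from run to run. */
__attribute__((noinline)) int target_a(int x) { return x + 1; }
__attribute__((noinline)) int target_b(int x) { return x * 2; }

/* The constant an attacker reads from the binary on disk (nm/objdump/readelf),
 * here computed at run time for this build. If target_b precedes target_a the
 * subtraction wraps modulo 2^N, which is harmless because rebase() adds it
 * back with the same wrap-around. */
uintptr_t static_delta(void) {
    return (uintptr_t)&target_b - (uintptr_t)&target_a;
}

/* One leaked runtime address plus the on-disk delta yields the other
 * function's runtime address: this is the whole "leak one pointer, rebase
 * everything" ASLR bypass. */
uintptr_t rebase(uintptr_t leaked_a, uintptr_t delta) {
    return leaked_a + delta;
}

/* Randomisation is page-granular, so with 4 KiB pages the low 12 bits of any
 * code address are identical in every run. Overwriting only the low byte of a
 * saved return address therefore redirects within 256 bytes of a known spot
 * without any leak at all. */
unsigned page_offset(uintptr_t addr) {
    return (unsigned)(addr & 0xfff);
}

int main(void) {
    uintptr_t a = (uintptr_t)&target_a;
    uintptr_t b = (uintptr_t)&target_b;
    uintptr_t delta = static_delta();

    printf("target_a=%#lx target_b=%#lx delta=%#lx page_offset(a)=%#x\n",
           (unsigned long)a, (unsigned long)b, (unsigned long)delta, page_offset(a));
    printf("rebased target_b from leaked target_a: %#lx (%s)\n",
           (unsigned long)rebase(a, delta), rebase(a, delta) == b ? "match" : "mismatch");
    return 0;
}
```

Run it twice: the absolute addresses move, delta and page_offset(a) do not. Comparing delta with the difference of the two symbols in `nm ./prog` confirms it matches the on-disk layout (for a PIE, nm reports offsets from an image base of 0). The defence follow-on is the obvious one: ASLR only holds as long as no pointer into the module reaches the attacker, which is why infoleak bugs are treated as seriously as the memory-corruption bug they pair with.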
0
votes
1 answer

ROP on MIPS Doesn't Land Where Calculated

I am working on exploiting an application on MIPS to further my knowledge of ROP chaining. The library I am trying to build a ROP chain against is libuClibc-0.9.30.3.so. I found a gadget that I want to use using Ropper. The offset is marked to be,…
joshu
  • 101
  • 3