The software exploitation game is changing as new pieces come into play. Protection mechanisms like ASLR and stack canaries are changing how attackers approach memory corruption bugs. Both ASLR and canaries can significantly hinder traditional exploitation techniques. One interesting aspect of these protection mechanisms is that while they do hinder some attacks, they also magnify the severity of other vulnerabilities which were previously (for the most part) insignificant: memory information disclosure vulnerabilities.
As a code auditor, when I would run across some sort of pointer arithmetic or buffer walking that resulted in out-of-bounds data reads, I would tag them as informational bugs. These are typically seen as the result of faulty logic or bad coding practices. Occasionally, depending on the type of information being disclosed, there would be some security value tied to the bug: credential exposure, plain-text exposure (where crypto was used), etc., but these are mostly corner cases.
However, now that security mechanisms like ASLR rely on the premise of an attacker being unable to obtain specific process information, these bugs move into an entirely higher class of value. If an attacker can get a consistent out-of-bounds read on a given buffer, here are just some of the potential vectors it could be used for:
- Canaries: the most obvious answer. This case would completely subvert the security offered by stack/memory structure canaries.
- Application Pointers: these are also obvious, as they would expose the address space layout of an application, defeating ASLR.
- Stack Frame Pointers: ...etc., etc.
- Library Addresses: ret2lib[X]
- Rick Astley's phone number: this is stored by default in every application compiled with the new Visual Studio.
Of course the conditions are rare, and are probably specific to each scenario, but this may become a serious consideration, given that such trivial bugs may ultimately become enablers for attacks which were otherwise de-fanged.
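To make the "buffer walking" bug class above concrete, here is an added example (not code from the original post): a message parser that trusts a length field inside the message, beside the same parser with the length bounded by what was actually received. The receive buffer, its stale contents and the 1-byte length header are constructed for the demo; the stale bytes stand in for whatever adjacent memory (canaries, pointers) a real over-read would hand back.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed: a fixed receive buffer that still holds stale bytes from an
 * earlier message after the short current message. */
#define RECV_SIZE 32
static const uint8_t recv_buf[RECV_SIZE] = {
    /* current message: 1-byte claimed payload length, then payload */
    0x10, 'h', 'i', 0x00,
    /* stale bytes beyond the 4 bytes actually received this time */
    'S', 'T', 'A', 'L', 'E', '-', 'D', 'A', 'T', 'A', 0x41, 0x42,
    0xde, 0xad, 0xbe, 0xef, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
};
static const size_t recv_len = 4;   /* bytes actually received */

/* Vulnerable walker: trusts the length byte inside the message. A claim of
 * 16 copies 16 bytes although only 3 payload bytes arrived, so the caller
 * gets 13 stale bytes: the information disclosure. The clamp protects the
 * output buffer only, not the source. */
size_t copy_payload_unchecked(const uint8_t *buf, uint8_t *out, size_t cap) {
    size_t claimed = buf[0];
    if (claimed > cap) claimed = cap;
    memcpy(out, buf + 1, claimed);
    return claimed;
}

/* Hardened walker: the claimed length is checked against the number of
 * bytes actually received. Copies nothing and returns 0 on a bad claim. */
size_t copy_payload_checked(const uint8_t *buf, size_t received,
                            uint8_t *out, size_t cap) {
    if (received < 1) return 0;
    size_t claimed = buf[0];
    if (claimed > received - 1 || claimed > cap) return 0;
    memcpy(out, buf + 1, claimed);
    return claimed;
}

/* Bytes returned beyond the 3 that were really received (demo buffer). */
size_t leaked_bytes_unchecked(void) {
    uint8_t out[RECV_SIZE];
    size_t n = copy_payload_unchecked(recv_buf, out, sizeof out - 1);
    return n > recv_len - 1 ? n - (recv_len - 1) : 0;   /* 13 */
}

size_t leaked_bytes_checked(void) {
    uint8_t out[RECV_SIZE];
    size_t n = copy_payload_checked(recv_buf, recv_len, out, sizeof out - 1);
    return n > recv_len - 1 ? n - (recv_len - 1) : 0;   /* 0 */
}
```

The check that matters is the comparison against `received`, not against the output capacity; the vulnerable version already had the latter and still leaked.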
Just a thought.