exploit the possibilities

AMD Bulldozer Linux ASLR Weakness

AMD Bulldozer Linux ASLR Weakness
Posted Apr 22, 2015
Authored by Hector Marco

A security issue in Linux ASLR implementation which affects some AMD processors has been found. The issue affects to all Linux process even if they are not using shared libraries (statically compiled). The problem appears because some mmapped objects (VDSO, libraries, etc.) are poorly randomized in an attempt to avoid cache aliasing penalties for AMD Bulldozer (Family 15h) processors. Affected systems have reduced the mmapped files entropy by eight. Grsecurity/PaX is also affected. The total entropy for the VVAR/VDSO, mmapped files and libraries of a processes are reduced by eight. The number of possible locations where the mapped areas can be placed are reduced by 87.5%.

tags | advisory
systems | linux
MD5 | 59a2b2b92e6a061e5065eb20dab68922

AMD Bulldozer Linux ASLR Weakness

Change Mirror Download
A security issue in Linux ASLR implementation which affects some AMD processors 
has been found. The issue affects to all Linux process even if they are not
using shared libraries (statically compiled).

The problem appears because some mmapped objects (VDSO, libraries, etc.) are
poorly randomized in an attempt to avoid cache aliasing penalties for AMD
Bulldozer (Family 15h) processors.

Affected systems have reduced the mmapped files entropy by eight. Grsecurity/PaX
is also affected.

The total entropy for the VVAR/VDSO, mmapped files and libraries of a processes
are reduced by eight. The number of possible locations where the mapped areas
can be placed are reduced by 87.5%.

On 32-bit systems, for example, the entropy for libraries is reduced from 2^8 to
2^5, which means that libraries only have 32 different places where they can be
loaded. Under this scenario, advanced techniques used by PaX to thwart brute
force attacks (for example, force a delay on the process creation when a crash
occurs) are no longer effective. The attackers need on average only 16 trials.

Advisory details at:
http://hmarco.org/bugs/AMD-Bulldozer-linux-ASLR-weakness-reducing-mmaped-files-by-eight.html


We sent a patch, and Linux 4.1 Will Improve AMD Bulldozer's ASLR Entropy Issue:
http://www.spinics.net/lists/linux-tip-commits/msg27373.html



--
Hector Marco-Gisbert @ http://hmarco.org/
Cyber Security Researcher @ http://cybersecurity.upv.es
Universitat Politècnica de València (Spain)


Login or Register to add favorites

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    28 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close