Tombkeeper
From: dave <dave () immunityinc com>
Date: Wed, 03 Feb 2010 11:52:34 -0500
Not so long ago, ASLR and DEP were gaining wide acceptance. Execshield was on almost all Linux systems, and the "golden age" of buffer overflow exploitation looked like it was coming to a close.
It is true that the code is getting better, and the mitigating protective mechanisms in Windows and Linux are getting better. But like in a ceramic, the physical properties of a system are defined by the interfaces between components, not the crystals themselves.
Today, Immunity released a working version of the Aurora exploit for Windows 7 and IE8 to CANVAS Early Updates. It does this by playing some very odd tricks with Flash's JIT compiler. This technique is extendible to almost all similar vulnerabilities. In other words, ASLR and DEP are no longer the shield they once were.
I believe Dionysus Blazakis is going to release some details on a similar technique at BlackHat DC today. If you miss the rest of the talks, I'd recommend popping into that one. :>
Thanks,
Dave Aitel
Immunity, Inc.
Yesterday I was still telling Sowhat that someone would release the ASLR + DEP technique within this year. I didn't expect it to be fulfilled today.
Dave Aitel mentioned that it was done with the help of Flash's JIT compiler; I guess it goes something like this:
Any JIT technology, in the process of translating instructions, always generates machine code; that machine code always lives in some region of memory; and that memory must be executable.
Using this, we can construct a Flash file that feeds the JIT a large amount of code to translate. In effect it is similar to a heap spray, except that the memory produced this way has executable attributes.
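As an added illustration of that last point (not part of the original post), here is a defender-side heuristic that measures how much executable, non-file-backed memory a process holds, which is exactly the footprint a JIT spray inflates. The maps listing is constructed and the addresses are hypothetical; the 16 MiB threshold is an assumption, not a figure from the post.

```python
import re
from dataclasses import dataclass

# Constructed sample in /proc/<pid>/maps format (hypothetical addresses). On Windows
# the same data comes from VirtualQueryEx (MEM_PRIVATE + PAGE_EXECUTE_* regions).
# The two 8 MiB rwxp regions stand in for a JIT fed a large amount of code.
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/browser
7f10c0000000-7f10c0021000 rw-p 00000000 00:00 0
7f10c4000000-7f10c4800000 rwxp 00000000 00:00 0
7f10c4800000-7f10c5000000 rwxp 00000000 00:00 0
7f10c8000000-7f10c8100000 r-xp 00000000 00:00 0
7f10d0000000-7f10d0400000 r-xp 00000000 08:01 5678 /usr/lib/libflashplayer.so
7ffd00000000-7ffd00021000 rw-p 00000000 00:00 0 [stack]
7ffd00500000-7ffd00502000 r-xp 00000000 00:00 0 [vdso]
"""

MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) \S+ \S+ (\d+)\s*(.*)$")

@dataclass
class Region:
    start: int
    end: int
    perms: str
    inode: int
    path: str

    def is_jit_like(self) -> bool:
        # Executable, not file-backed, and not a kernel pseudo-mapping such as
        # [vdso]: the kind of memory a JIT emits its machine code into.
        return "x" in self.perms and self.inode == 0 and not self.path.startswith("[")

def parse_maps(text: str) -> list[Region]:
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line)
        if m:  # skip blank or malformed lines rather than aborting the scan
            s, e, perms, inode, path = m.groups()
            regions.append(Region(int(s, 16), int(e, 16), perms, int(inode), path))
    return regions

def exec_anon_bytes(regions: list[Region]) -> tuple[int, int]:
    """Return (executable anonymous bytes, of which also writable)."""
    jit = [r for r in regions if r.is_jit_like()]
    total = sum(r.end - r.start for r in jit)
    return total, sum(r.end - r.start for r in jit if "w" in r.perms)

def spray_suspected(text: str, threshold: int = 16 * 1024 * 1024) -> bool:
    # A browser normally holds a few MiB of JIT output; the threshold is a guess.
    return exec_anon_bytes(parse_maps(text))[0] > threshold
```

Image-backed executable mappings (the browser binary, the Flash plugin) are deliberately not counted, so a large total here means code that exists only in memory.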
"Iron is still there", and the red flag is still floating.