Dailydave mailing list archives
ASLR+DEP = no problem. :>
From: dave <dave () immunityinc com>
Date: Wed, 03 Feb 2010 11:52:34 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Not so long ago, ASLR and DEP were gaining wide acceptance. Execshield was on almost all Linux systems, and the "golden age" of buffer overflow exploitation looked like it was coming to a close. It is true that the code is getting better, and the mitigating protective mechanisms in Windows and Linux are getting better. But like in a ceramic, the physical properties of a system are defined by the interfaces between components, not the crystals themselves. Today, Immunity released a working version of the Aurora exploit for Windows 7 and IE8 today to CANVAS Early Updates. It does this by playing some very odd tricks with Flash's JIT compiler. This technique is extendible to almost all similar vulnerabilities. In other words, ASLR and DEP are not longer the shield they once were. I believe Dionysus Blazakis is going to release some details on a similar technique at BlackHat DC today. If you miss the rest of the talks, I'd recommend popping into that one. :> Thanks, Dave Aitel Immunity, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAktpqdIACgkQtehAhL0gheotCACfXVRvzHVKxVYWWYQigY7fKPi9 aL0AnjmW40zWTjtwitHJO3Fcv1z9F9QI =l0KE -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- ASLR+DEP = no problem. :> dave (Feb 03)
- Re: ASLR+DEP = no problem. :> Thierry Zoller (Feb 04)
- Re: ASLR+DEP = no problem. :> Moshe Ben Abu (Feb 04)
- Re: ASLR+DEP = no problem. :> dave (Feb 04)
- Re: ASLR+DEP = no problem. :> Matthew Wollenweber (Feb 04)
- Message not available
- Re: ASLR+DEP = no problem. :> Thierry Zoller (Feb 04)
- Re: ASLR+DEP = no problem. :> Alexander Sotirov (Feb 04)
- Re: ASLR+DEP = no problem. :> Nate Lawson (Feb 05)
- Re: ASLR+DEP = no problem. :> Larry Seltzer (Feb 05)
- Re: ASLR+DEP = no problem. :> Michal Zalewski (Feb 05)
- Re: ASLR+DEP = no problem. :> Moshe Ben Abu (Feb 04)
- Re: ASLR+DEP = no problem. :> Thierry Zoller (Feb 04)
- Re: ASLR+DEP = no problem. :> Sergio 'shadown' Alvarez (Feb 04)