Dynamic Loader Oriented Programming – Wiederganger Proof Of Concept
Posted by deepcore on December 13, 2018 – 2:21 am
This paper and proof of concept describe the Wiederganger attack, a new attack vector that reliably allows escalating unbounded array access vulnerabilities occurring in specifically allocated memory regions to full code execution in programs running on i386/x86_64 Linux. Wiederganger attacks abuse determinism in the Linux ASLR implementation, combined with the fact that (even with protection mechanisms such as RELRO and glibc's pointer mangling enabled) there exist easy-to-hijack, writable (function) pointers in application memory.