Recently released exploit code makes people running fully patched versions of Fedora and other Linux distributions vulnerable to drive-by attacks that can install keyloggers, backdoors, and other types of malware, a security researcher says.
One of the exploits—which targets a memory corruption vulnerability in the GStreamer framework that by default ships with many mainstream Linux distributions—is also noteworthy for its elegance. To wit: it uses a rarely seen approach to defeat address space layout randomization (ASLR) and data execution prevention (DEP), which are two of the security protections built into Linux to make software exploits harder to carry out.
Unlike most ASLR and DEP bypasses, the one folded into the GStreamer exploit doesn’t rely on code to manipulate the memory layout or other environmental variables. Instead, it painstakingly arranges the bytes of code in a way that completely disables the protections. And by eliminating the need for JavaScript or other memory-massaging code to execute on a targeted computer, it’s possible to carry out attacks that otherwise wouldn’t be possible.
Source: http://arstechnica.com/security/2016/11/elegant-0day-unicorn-underscores-serious-concerns-about-linux-security/
Submitted by: Arnfried Walbrecht