Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Development and Code Review
(Moderator:
fabian
) »
ASLR unsicher?
« previous
next »
Print
Pages: [
1
]
Author
Topic: ASLR unsicher? (Read 4798 times)
cibomato
Newbie
Posts: 30
Karma: 4
ASLR unsicher?
«
on:
February 15, 2017, 08:54:59 pm »
Jetzt ist das gerade neu in OPNsense und nun das:
https://www.heise.de/newsticker/meldung/Schutz-durch-Speicherverwuerfelung-ASLR-geknackt-3627176.html
Was ist davon zu halten?
Viele Grüße,
Jochen
Logged
weust
Hero Member
Posts: 650
Karma: 57
Re: ASLR unsicher?
«
Reply #1 on:
February 15, 2017, 09:20:42 pm »
That only applies to Webbrowsers. OPNsense isn't one ;-)
Logged
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
fabian
Moderator
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: ASLR unsicher?
«
Reply #2 on:
February 15, 2017, 09:37:49 pm »
No, it applies to any application, however if you can execute this type of attack, broken ASLR is the smallest problem (this means the attacker can already execute code).
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: ASLR unsicher?
«
Reply #3 on:
February 15, 2017, 09:59:33 pm »
A few notes from Shawn on the particular attack:
https://github.com/lattera/articles/blob/master/infosec/Exploit%20Mitigations/ASLR/2017-02-15_anc/article.md
Logged
lattera
Full Member
Posts: 207
Karma: 82
Re: ASLR unsicher?
«
Reply #4 on:
February 15, 2017, 10:44:48 pm »
ASLR is still an awesome addition to OPNsense since the AnC attack doesn't really apply to the applications installed on a typical OPNsense deployment. In order to carry out the attack, the attacker must be able to instrument the MMU, which is only possible with applications that accept and execute attacker-controlled code and provide performance APIs (like javascript in popular web browsers).
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Development and Code Review
(Moderator:
fabian
) »
ASLR unsicher?