[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] CVE-2015-1593 - Linux ASLR integer overflow: Reducing stack entropy by four

To: fulldisclosure@xxxxxxxxxxxx, bugs@xxxxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: [FD] CVE-2015-1593 - Linux ASLR integer overflow: Reducing stack entropy by four
From: Hector Marco <hecmargi@xxxxxx>
Date: Sat, 14 Feb 2015 03:20:13 +0100

Hi,

A bug in Linux ASLR implementation for versions prior to 3.19-rc3 has
been found. The issue is that the stack for processes is not properly
randomized on some 64 bit architectures due to an integer overflow.

Affected systems have reduced the stack entropy of the processes by four.


Details at:
http://hmarco.org/bugs/linux-ASLR-integer-overflow.html



Regards,
Hector Marco.
http://hmarco.org

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] CVE-2015-1574 - Google Email App 4.2.2 remote denial of service
Next by Date: [FD] HumHub .htaccess file upload vulnerability and remote code execution
Previous by thread: [FD] CVE-2015-1574 - Google Email App 4.2.2 remote denial of service
Next by thread: [FD] HumHub .htaccess file upload vulnerability and remote code execution
Index(es):
- Date
- Thread