aslrekt | ASLREKT is a proof of concept

by blazeinfosec C Version: Current License: No License

X-Ray Key Features Code Snippets Community Discussions Vulnerabilities Install Support

kandi X-RAY | aslrekt Summary

aslrekt is a C library. aslrekt has no bugs, it has no vulnerabilities and it has low support. You can download it from GitHub.

ASLREKT is a proof of concept for an unfixed generic local ASLR bypass in Linux. ASLREKT requires a setuid binary that reads from stdin and writes to stdout/stderr (or to a readable file) the contents that it read. /proc/pid/stat is world-readable, however, if we aren't permitted to ptrace pid (!ptrace_may_access()), addresses aren't leaked and, instead, they are replaced with 0. The problem is that we can open() /proc/pid/stat and pass the fd as stdin of a newly executed special setuid binary (which can now ptrace pid) and read those addresses. In order for an attacker to be able to actually obtain them, the special setuid binary needs to write to stdout/stderr or readable file the contents that it read. There are several setuid binaries that do this, such as "procmail" which seems to be setuid on Debian-based systems, this includes Ubuntu. Another alternative is "spice-client-glib-usb-acl-helper". There may be more of these. This breaks ASLR for any process running under another uid, such as root. It's also possible to leak addresses via /proc/pid/syscall, it isn't world-readable, but we can open() it before a target setuid execve, and later leak them through the special setuid binary method. Modern Linux versions are still vulnerable. Copyright 2016-2020, Blaze Information Security.

Support

Quality

Security

License

Reuse

Support

aslrekt has a low active ecosystem.

It has 21 star(s) with 7 fork(s). There are 5 watchers for this library.

It had no major release in the last 6 months.

aslrekt has no issues reported. There are no pull requests.

It has a neutral sentiment in the developer community.

The latest version of aslrekt is current.

Quality

aslrekt has 0 bugs and 0 code smells.

Security

aslrekt has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

aslrekt code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

aslrekt does not have a standard license declared.

Check the repository for any license declaration and review the terms closely.

Without a license, all rights are reserved, and you cannot use the library in your applications.

Reuse

aslrekt releases are not available. You will need to build from source code and install.

Top functions reviewed by kandi - BETA

kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of aslrekt

Get all kandi verified functions for this library.

aslrekt Key Features

No Key Features are available at this moment for aslrekt.

aslrekt Examples and Code Snippets

No Code Snippets are available at this moment for aslrekt.

Community Discussions

No Community Discussions are available at this moment for aslrekt.Refer to stack overflow page for discussions.

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install aslrekt

You can download it from GitHub.

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

Find more information at: