aslrekt | ASLREKT is a proof of concept
kandi X-RAY | aslrekt Summary
aslrekt is a C proof of concept hosted on GitHub. kandi's automated scan reports no bugs and no known vulnerabilities in it, and rates its support as low. You can download it from GitHub.
ASLREKT is a proof of concept for an unfixed, generic local ASLR bypass on Linux. It requires a setuid binary that reads from stdin and writes what it read to stdout/stderr (or to a file the attacker can read).

/proc/pid/stat is world-readable, but if the reader is not permitted to ptrace pid (ptrace_may_access() fails), the address-bearing fields (startcode, endcode, startstack and the rest) are not disclosed; they are reported as 0 instead. The problem is that this check is made with the credentials of the process performing the read(), not of the process that did the open(). An attacker can therefore open() /proc/pid/stat as an unprivileged user, pass the descriptor as stdin of a newly executed setuid binary (which, running with the privileged effective uid, now passes the ptrace check for pid), and have that binary read the real addresses. For the attacker to actually obtain them, the setuid binary must then write the contents it read to stdout/stderr or to a readable file.

Several setuid binaries do this. "procmail" appears to be setuid on Debian-based systems, including Ubuntu; "spice-client-glib-usb-acl-helper" is another candidate. There may be more.

This breaks ASLR for any process running under another uid, such as root. Addresses can also be leaked via /proc/pid/syscall: it is not world-readable, but it can be open()ed before a target setuid execve, and the descriptor later read through the same setuid-binary method. Modern Linux versions (as of this writing, 2020) are still vulnerable.

Copyright 2016-2020, Blaze Information Security.
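As an added example (not code from the aslrekt repository), the following C program parses the /proc/<pid>/stat format described above and reports whether the address-bearing fields were disclosed or zeroed by the kernel. It is the check you run on each side of the descriptor-passing step to confirm that the decision is made at read() time: read the file directly as an unprivileged user and the fields are 0; have a privileged reader consume the same descriptor and they are populated. The two sample lines are constructed, not captured from a real host, and the program does not perform the setuid step itself.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Address-bearing fields of /proc/<pid>/stat, numbered as in proc(5).
 * The kernel reports these as 0 to a reader that fails ptrace_may_access(). */
struct stat_addrs {
    unsigned long long startcode;  /* field 26 */
    unsigned long long endcode;    /* field 27 */
    unsigned long long startstack; /* field 28 */
    unsigned long long start_brk;  /* field 47 */
};

/* Constructed sample lines (not captured from a real system). The first is what
 * an unprivileged reader sees for a root-owned process; the second is the same
 * process as seen by a reader that passes the ptrace check. */
static const char SAMPLE_UNPRIV[] =
    "1234 (sleep) S 1 1234 1234 0 -1 4194560 120 0 0 0 0 0 0 0 20 0 1 0 123456 "
    "8192000 300 18446744073709551615 0 0 0 0 0 0 0 0 0 0 0 0 17 2 0 0 0 0 0 0 0 "
    "0 0 0 0 0 0\n";
static const char SAMPLE_PRIV[] =
    "1234 (sleep) S 1 1234 1234 0 -1 4194560 120 0 0 0 0 0 0 0 20 0 1 0 123456 "
    "8192000 300 18446744073709551615 94339870416896 94339870441472 "
    "140728898420000 0 0 0 0 0 0 0 0 0 17 2 0 0 0 0 0 0 0 94339881054208 "
    "0 0 0 0 0\n";

/* Parse one stat line. Returns 0 on success, -1 on malformed input.
 * comm (field 2) is parenthesised and may itself contain spaces or ')', so the
 * scan starts after the LAST ')' instead of splitting the whole line on spaces. */
int parse_stat_addrs(const char *line, struct stat_addrs *out)
{
    const char *p = strrchr(line, ')');
    if (p == NULL)
        return -1;
    p++; /* remainder begins with field 3 (state) */

    unsigned long long v[48] = {0}; /* v[i] holds field i; 0..2 unused */
    for (int field = 3; field <= 47; field++) {
        while (*p == ' ')
            p++;
        if (*p == '\0' || *p == '\n')
            return -1; /* line ended before field 47 */
        if (field == 3) { /* state is a single letter, not a number */
            p++;
            continue;
        }
        char *end;
        errno = 0;
        /* signed fields such as tpgid (-1) and nice still parse with strtoull */
        v[field] = strtoull(p, &end, 10);
        if (end == p || errno != 0)
            return -1;
        p = end;
    }
    out->startcode  = v[26];
    out->endcode    = v[27];
    out->startstack = v[28];
    out->start_brk  = v[47];
    return 0;
}

/* 1 if the kernel disclosed addresses to whoever performed the read(), else 0. */
int addrs_visible(const struct stat_addrs *a)
{
    return (a->startcode | a->endcode | a->startstack | a->start_brk) != 0;
}

/* Read and parse /proc/<pid>/stat for a live process; -1 on open/parse failure. */
int read_stat_addrs(int pid, struct stat_addrs *out)
{
    char path[64], line[1024];
    snprintf(path, sizeof path, "/proc/%d/stat", pid);
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;
    char *ok = fgets(line, sizeof line, f);
    fclose(f);
    return ok ? parse_stat_addrs(line, out) : -1;
}

int main(int argc, char **argv)
{
    /* Usage: ./statleak [pid]  (defaults to pid 1, which is root-owned, so an
     * unprivileged run is expected to report the fields as zeroed). */
    int pid = argc > 1 ? atoi(argv[1]) : 1;
    struct stat_addrs a;
    if (read_stat_addrs(pid, &a) != 0) {
        perror("read_stat_addrs");
        return 1;
    }
    printf("pid %d: startcode=%#llx endcode=%#llx startstack=%#llx start_brk=%#llx -> %s\n",
           pid, a.startcode, a.endcode, a.startstack, a.start_brk,
           addrs_visible(&a) ? "addresses disclosed" : "zeroed (ptrace_may_access failed)");
    return 0;
}
```

Running it on pid 1 as an ordinary user prints zeroed fields; running the same binary as root prints the real addresses. The bypass the page describes consists of getting that privileged read() performed, on a descriptor the unprivileged user opened, by an existing setuid program that echoes its input.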
Support
aslrekt has a low-activity ecosystem: 21 stars, 7 forks and 5 watchers.
It had no major release in the last 6 months.
aslrekt has no issues reported and no pull requests.
It has a neutral sentiment in the developer community.
The latest version of aslrekt is the current tree; there are no tagged releases.
Quality
aslrekt has 0 bugs and 0 code smells.
Security
aslrekt has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
aslrekt code analysis shows 0 unresolved vulnerabilities.
There are 0 security hotspots that need review.
License
aslrekt does not have a standard license declared.
Check the repository for any license declaration and review the terms closely.
Without a license, all rights are reserved, and you cannot use the library in your applications.
Reuse
aslrekt releases are not available. You will need to build from source code and install.
Install aslrekt
You can download it from GitHub.
Support
For any new features, suggestions and bugs create an issue on GitHub.