Title: Bypassing the Full ASLR on 64 bit GNU/Linux in less than one second
Authors: Hector Marco & Ismael Ripoll
Date: November 2014
Comment: Offset2lib is an ASLR weakness which can be exploited to bypass the ASLR on 64 bit GNU/Linux systems in less than one second.
Website: http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html
During my PhD research, I have been working on several low-level protection mechanisms. While analyzing them, I found a weakness in ASLR, which we named Offset2lib. Basically, it allows an attacker to bypass ASLR in a new and faster way.
In order to show the impact of this weakness and to make the attack more realistic, I have created a proof-of-concept exploit that bypasses NX, SSP and ASLR on 64-bit Ubuntu 14.04.1 LTS (Trusty Tahr). This attack is able to bypass:
It is worth mentioning that the attack does not rely on:
This work has been presented in the DeepSec 2014 security conference (20 Nov. 2014).
The Offset2lib weakness, together with Address Space Layout Randomization Next Generation (ASLR-NG, which solves this problem), is part of my PhD thesis.