Dailydave mailing list archives
Re: ASLR+DEP = no problem. :>
From: Matthew Wollenweber <mjw () cyberwart com>
Date: Thu, 4 Feb 2010 14:31:35 -0500
I saw the talk and I'm not sure how exactly you easily fix the problem. The speaker didn't organize the talk optimally and TSA screaming next door didn't help either; however, it seems difficult to fix being able to generate shellcode from valid ActionScript code. Additionally, the JIT spray was fairly small and according to the speaker had a greater than 90% reliability. The most common attack vectors (IMO) appear to be PDFs and IE. Adobe squashing Flash seems unlikely and I can't imagine Flash generically being blocked on any large level (within the next year or until HTML5 is more universal). I still haven't made it through the paper (http://www.semantiscope.com/research/BHDC2010/BHDC-2010-Slides-v2.pdf) for all the details, so my thoughts are only based on believing the speaker (who I don't know), but it was very interesting to me and appears promising.

On Thu, Feb 4, 2010 at 1:29 PM, Moshe Ben Abu <mtrancer () gmail com> wrote:
> Yep, I agree with Thierry, once the technique is fixed - ASLR+DEP = big problem :(
>
> Past examples:
> - Java Virtual Machine Heap Spray > Java is out of process since 1.6.0u10.
> - ActionScript Heap Spray > Flash 10 got DEP and ASLR.
> - .NET User Control binary > Internet Explorer 8 RTM blocks it on Internet Zone.
>
> In addition, latest versions of Adobe Reader, QuickTime and .NET Framework got DEP and ASLR enabled too...
>
> On Thu, Feb 4, 2010 at 1:14 PM, Thierry Zoller <Thierry () zoller lu> wrote:
>
> > Hi,
> > This
> > -It does this by playing some very odd tricks with Flash's JIT compiler.
> > +In other words, ASLR and DEP are no longer the shield they once were.
> > Doesn't compute. You are relying on oddities, fix the oddities and ASLR/DEP are back again.
> >
> > --
> > http://blog.zoller.lu
> > Thierry Zoller
>
> --
> Trancer
> Recognize-Security
> http://www.rec-sec.com
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
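The thread talks about "shellcode generated by valid ActionScript code" and "odd tricks with Flash's JIT compiler" without showing the mechanism. The following is an added example, not code from the original posts or from the BHDC paper, modelling the core trick: a chain of XOR'd 32-bit constants in attacker-written script is compiled by the JIT into `mov eax, imm32; xor eax, imm32; ...` in an executable page, and when execution enters that page at offset +1 the immediates themselves run as instructions. It assumes the JIT emits the plain x86-32 encodings `B8 imm32` and `35 imm32` back to back and does not transform the constants; the payload bytes, function names (`jit_spray_encode`, `jit_spray_misaligned`, `jit_spray_selftest`, and so on) and the sample payload are all mine and constructed for illustration. The real attack additionally needs many copies of such a function sprayed across the heap and a controlled jump into one of them; that part is outside this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Opcode bytes used by the construction (x86-32):
 *   B8 imm32  mov eax, imm32      (first constant)
 *   35 imm32  xor eax, imm32      (every following constant)
 *   3C imm8   cmp al, imm8        (padding byte that swallows the next opcode)
 *   90        nop                 (filler)
 * Assumption: the JIT emits exactly these encodings for "x = c0 ^ c1 ^ ...". */
#define OP_MOV_EAX 0xB8
#define OP_XOR_EAX 0x35
#define OP_CMP_AL  0x3C
#define OP_NOP     0x90

/* Constructed sample payload: three self-contained 3-byte x86 chunks.
 *   31 C0 90   xor eax, eax ; nop
 *   31 DB 90   xor ebx, ebx ; nop
 *   CC 90 90   int3 ; nop ; nop
 * Each chunk must end on an instruction boundary, because the CPU sees
 * "3C 35" (cmp al, 0x35) between chunks when it runs through misaligned. */
static const uint8_t sample_payload[] = {
    0x31, 0xC0, 0x90,
    0x31, 0xDB, 0x90,
    0xCC, 0x90, 0x90,
};

/* The 32-bit constant the attacker writes in the (valid) script source for
 * one 3-byte chunk: payload bytes in the low 24 bits, 0x3C on top, so the
 * little-endian immediate in memory reads "p0 p1 p2 3C". */
uint32_t jit_spray_imm32(const uint8_t chunk[3]) {
    return (uint32_t)chunk[0] | ((uint32_t)chunk[1] << 8) |
           ((uint32_t)chunk[2] << 16) | ((uint32_t)OP_CMP_AL << 24);
}

/* Emit the bytes the JIT is assumed to produce for "x = c0; x ^= c1; ...".
 * Payload is padded with NOPs to a multiple of 3. Returns bytes written, 0 on error. */
size_t jit_spray_encode(const uint8_t *payload, size_t len, uint8_t *out, size_t cap) {
    size_t chunks = (len + 2) / 3, pos = 0;
    if (chunks == 0 || cap < chunks * 5) return 0;
    for (size_t i = 0; i < chunks; i++) {
        uint8_t chunk[3];
        for (size_t j = 0; j < 3; j++) {
            size_t k = i * 3 + j;
            chunk[j] = (k < len) ? payload[k] : OP_NOP;
        }
        uint32_t imm = jit_spray_imm32(chunk);
        out[pos++] = (i == 0) ? OP_MOV_EAX : OP_XOR_EAX;
        out[pos++] = (uint8_t)(imm);          /* little-endian imm32 */
        out[pos++] = (uint8_t)(imm >> 8);
        out[pos++] = (uint8_t)(imm >> 16);
        out[pos++] = (uint8_t)(imm >> 24);    /* always 0x3C */
    }
    return pos;
}

/* Aligned view: every 5-byte instruction is a harmless mov/xor on eax.
 * Returns 1 if the stream looks like that, which is all the JIT ever intended. */
int jit_spray_aligned_is_benign(const uint8_t *stream, size_t len) {
    if (len == 0 || len % 5 != 0) return 0;
    for (size_t pos = 0; pos < len; pos += 5) {
        if (stream[pos] != (pos == 0 ? OP_MOV_EAX : OP_XOR_EAX)) return 0;
        if (stream[pos + 4] != OP_CMP_AL) return 0;
    }
    return 1;
}

/* Misaligned view: what the CPU executes when it enters at offset +1.
 * Three payload bytes run, then "3C <opcode>" (cmp al, 0x35) eats the next
 * instruction's opcode byte and execution lands on the next immediate.
 * Returns the number of payload bytes recovered into out, 0 if the trick breaks. */
size_t jit_spray_misaligned(const uint8_t *stream, size_t len, uint8_t *out, size_t cap) {
    size_t n = 0;
    for (size_t pos = 1; pos + 3 <= len && n + 3 <= cap; pos += 5) {
        if (pos + 3 < len && stream[pos + 3] != OP_CMP_AL) return 0; /* realignment lost */
        memcpy(out + n, stream + pos, 3);
        n += 3;
    }
    return n;
}

/* Round-trip the constructed sample: encode, then check both views. 1 on success. */
int jit_spray_selftest(void) {
    uint8_t stream[64], recovered[64];
    size_t n = jit_spray_encode(sample_payload, sizeof sample_payload, stream, sizeof stream);
    if (n != 15 || !jit_spray_aligned_is_benign(stream, n)) return 0;
    size_t m = jit_spray_misaligned(stream, n, recovered, sizeof recovered);
    return m == sizeof sample_payload && memcmp(recovered, sample_payload, m) == 0;
}

int main(void) {
    uint8_t stream[64];
    size_t n = jit_spray_encode(sample_payload, sizeof sample_payload, stream, sizeof stream);
    printf("script-side constants: var x = ");
    for (size_t i = 0; i < n; i += 5)
        printf("%s0x%08X", i ? " ^ " : "", jit_spray_imm32(stream + i + 1));
    printf(";\nJIT output (%zu bytes):", n);
    for (size_t i = 0; i < n; i++) printf(" %02X", stream[i]);
    printf("\nself-test: %s\n", jit_spray_selftest() ? "ok" : "FAIL");
    return 0;
}
```

The point the example makes concrete is why the technique is hard to "fix" from the page-content side: every constant is legitimate script, the aligned code is harmless, and only the entry offset is attacker-chosen. It also shows what Thierry's "fix the oddities" has to mean in practice: if the JIT stops emitting attacker-chosen immediates verbatim (for instance by XORing each one with a per-compilation random key and emitting the un-XOR as a second instruction, the usual constant-blinding mitigation, which is my addition and not something the thread proposes), the bytes at offset +1 are no longer under the attacker's control and the misaligned view falls apart.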
Current thread:
- ASLR+DEP = no problem. :> dave (Feb 03)
- Re: ASLR+DEP = no problem. :> Thierry Zoller (Feb 04)
- Re: ASLR+DEP = no problem. :> Moshe Ben Abu (Feb 04)
- Re: ASLR+DEP = no problem. :> dave (Feb 04)
- Re: ASLR+DEP = no problem. :> Matthew Wollenweber (Feb 04)
- Message not available
- Re: ASLR+DEP = no problem. :> Thierry Zoller (Feb 04)
- Re: ASLR+DEP = no problem. :> Alexander Sotirov (Feb 04)
- Re: ASLR+DEP = no problem. :> Nate Lawson (Feb 05)
- Re: ASLR+DEP = no problem. :> Larry Seltzer (Feb 05)
- Re: ASLR+DEP = no problem. :> Michal Zalewski (Feb 05)
- Re: ASLR+DEP = no problem. :> Moshe Ben Abu (Feb 04)
- Re: ASLR+DEP = no problem. :> Thierry Zoller (Feb 04)
- Re: ASLR+DEP = no problem. :> Sergio 'shadown' Alvarez (Feb 04)
- Re: ASLR+DEP = no problem. :> pageexec (Feb 04)
- Re: ASLR+DEP = no problem. :> Berend-Jan Wever (Feb 05)
