THE INFO LEAK ERA ON SOFTWARE EXPLOITATION presented at BlackHat USA 2012

by Fermin J. Serna

Tags: Exploitation Information Leaks

Summary: Previously, and mainly because of application compatibility, ASLR was not as effective as expected. Now that some of the obstacles to deploying ASLR fully have been solved, it has become the key mitigation preventing reliable exploitation of software vulnerabilities. Defeating ASLR is a hot topic in the exploitation world.
This talk will show why the other mitigations are not strong without ASLR, and why defeating ASLR largely defeats the rest of them. The earlier methods for defeating ASLR have been fixed, and the current way to do it is through information leak vulnerabilities.
The talk presents several techniques that can be applied to convert vulnerabilities into information leaks:
Creating an info leak from a partial stack overflow
Creating an info leak from a heap overflow with heap massaging
Creating an info leak from an object through non-virtual calls
Member variables with function pointers
Write4 pointers
Freeing the wrong object
Application specific info leaks: CVE-2012-0769, the case of the perfect info leak
Converting an info leak into a UXSS
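The first technique in the list, the info leak from a partial stack overflow, as an added example (written for this page, not code from the talk or its author): a constructed frame in which a fixed-size name buffer sits directly next to a saved pointer, a copy routine whose bound is off by one so the last byte of a full-length input overwrites the slot meant for the terminator, and an echo that runs until the first NUL and therefore hands back the pointer bytes that follow the buffer. The frame layout, the function names and the addresses are all assumptions. Byte order follows the host, so on x86-64 the low bytes leak first; a zero byte inside the pointer cuts the leak short, which is the failure mode the second case in main shows. The hardened copy beside the vulnerable one reserves the last byte for the terminator and leaks nothing.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a stack frame (an assumption, not the talk's code):
 * a 16-byte name buffer meant to hold 15 characters plus a terminator sits
 * directly below a saved pointer (return address, vtable pointer, ...). */
#define NAME_LEN 16

typedef struct {
    char     name[NAME_LEN];
    uint64_t saved_ptr;       /* stand-in for an ASLR-randomised pointer */
} frame_t;

/* Vulnerable: the bound is NAME_LEN instead of NAME_LEN - 1, so a 16-byte
 * input overwrites the terminator slot and the string is never terminated. */
static void vuln_set_name(frame_t *f, const char *in, size_t len) {
    size_t n = len < NAME_LEN ? len : NAME_LEN;
    memcpy(f->name, in, n);
    if (n < NAME_LEN)
        f->name[n] = '\0';    /* skipped for a full-length input */
}

/* Hardened: the last byte is always reserved for the terminator. */
static void safe_set_name(frame_t *f, const char *in, size_t len) {
    size_t n = len < NAME_LEN - 1 ? len : NAME_LEN - 1;
    memcpy(f->name, in, n);
    f->name[n] = '\0';
}

/* The echo the attacker observes. It behaves like printf("%s", f->name),
 * reading until the first NUL, but scans the frame's bytes explicitly so the
 * read stays inside the object and the example is well defined. */
static size_t echo_name(const frame_t *f, unsigned char *out, size_t outsz) {
    const unsigned char *p = (const unsigned char *)f;
    size_t i = 0;
    while (i < sizeof *f && i + 1 < outsz && p[i] != 0) {
        out[i] = p[i];
        i++;
    }
    out[i] = 0;
    return i;
}

/* Drives the leak against a frame holding saved_ptr. Returns how many bytes
 * of saved_ptr came back in the echo and stores the value rebuilt from them
 * in *recovered; bytes that did not leak stay zero. The reconstruction keeps
 * the host's byte order, so on x86-64 the low bytes are the ones recovered. */
size_t leak_saved_ptr(uint64_t saved_ptr, int hardened, uint64_t *recovered) {
    frame_t f;
    char in[NAME_LEN];
    unsigned char out[sizeof f + 1];
    unsigned char raw[sizeof saved_ptr] = {0};

    memset(&f, 0, sizeof f);
    f.saved_ptr = saved_ptr;
    memset(in, 'A', sizeof in);            /* attacker input: 16 bytes, no NUL */
    if (hardened)
        safe_set_name(&f, in, sizeof in);
    else
        vuln_set_name(&f, in, sizeof in);

    size_t n = echo_name(&f, out, sizeof out);
    size_t leaked = n > NAME_LEN ? n - NAME_LEN : 0;
    if (leaked > sizeof raw)
        leaked = sizeof raw;               /* cannot happen with this frame, kept for safety */
    memcpy(raw, out + NAME_LEN, leaked);
    memcpy(recovered, raw, sizeof raw);
    return leaked;
}

int main(void) {
    uint64_t rec;
    /* Typical x86-64 user-space address: its two high bytes are zero, so the
     * six bytes that leak before the first NUL are the whole address. */
    size_t got = leak_saved_ptr(0x00007ffc1234abcdULL, 0, &rec);
    printf("vulnerable: %zu bytes leaked, recovered 0x%016llx\n",
           got, (unsigned long long)rec);
    /* A pointer with a zero byte in the middle: the echo stops there and only
     * the bytes before it come back, so the high byte 0x7f is lost. */
    got = leak_saved_ptr(0x7f00c0de11223344ULL, 0, &rec);
    printf("truncated:  %zu bytes leaked, recovered 0x%016llx\n",
           got, (unsigned long long)rec);
    /* Hardened copy: the string is terminated and nothing past it is echoed. */
    got = leak_saved_ptr(0x00007ffc1234abcdULL, 1, &rec);
    printf("hardened:   %zu bytes leaked\n", got);
    return 0;
}
```

The point the example makes is the one the talk's list relies on: the overflow does not need to corrupt anything useful, it only has to remove the boundary between attacker-visible data and a pointer, and the normal output path does the rest. The truncated case is the check a practitioner wants before relying on such a leak: canonical x86-64 user addresses leak whole because their zero bytes are at the top, while any pointer with an embedded zero byte gives back only a prefix.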