EXPLOITING LINUX AND PAX ASLR'S WEAKNESSES ON 32-BIT AND 64-BIT SYSTEMS, presented at Black Hat Asia 2016

by Hector Marco-Gisbert and Ismael Ripoll

Summary: In this work we present four weaknesses in the design and implementation of the current Linux and PaX ASLR:
1) Too low entropy
2) Non-uniform distribution
3) Correlation between objects
4) Inheritance
A proof of concept that exploits the correlation weakness is presented: it bypasses full ASLR on 64-bit Linux in less than one second, with ASLR fully enabled on the target. A deep analysis of all these weaknesses enabled us to propose a new ASLR design. A proof-of-concept implementation for Linux, named ASLR-NG, overcomes the weaknesses of all current ASLR implementations, including the PaX one. Finally, we present ASLRA, a tool suite to analyze the ASLR entropy of Linux.
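The four weaknesses above are properties you can measure on your own systems. As an added example that is not part of the talk and is not the authors' ASLRA code, the Python script below parses /proc/PID/maps snapshots from independent runs of a program and reports how many address bits vary per object (entropy), the per-bit set frequencies (non-uniform distribution), pairs of objects whose distance never changes (correlation), and identical layouts between two snapshots (inheritance, as a fork()ed child has until it exec()s). The embedded maps text, paths and addresses are constructed; the fixed executable-to-libc distance in them is chosen to illustrate the correlation weakness, and all function names are mine.

```python
import os
import re
import subprocess
from itertools import combinations

# One /proc/PID/maps line: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s*(.*)$")


def parse_maps(text):
    """Map each named object (a path, [stack], [heap], ...) to its lowest start address."""
    bases = {}
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m or not m.group(4).strip():
            continue  # anonymous mapping, no object name to track
        start, name = int(m.group(1), 16), m.group(4).strip()
        bases[name] = min(bases.get(name, start), start)
    return bases


def addresses_of(samples, name):
    """Base address of `name` in every parsed sample that contains it."""
    return [s[name] for s in samples if name in s]


def varying_bits(addresses):
    """Bit mask of positions that took both 0 and 1 across the samples."""
    all_or, all_and = 0, ~0
    for a in addresses:
        all_or |= a
        all_and &= a
    return all_or & ~all_and


def entropy_bits(addresses):
    """Count of bit positions seen to change. With few runs some random bits will
    not have flipped yet, so collect many runs before trusting the number; it also
    says nothing about bias, which bit_frequencies() exposes."""
    return bin(varying_bits(addresses)).count("1")


def bit_frequencies(addresses, width=48):
    """Fraction of samples in which each bit 0..width-1 is set. Over many runs a
    varying bit whose frequency sits far from 0.5 is a non-uniformity signal."""
    n = len(addresses)
    return {b: sum((a >> b) & 1 for a in addresses) / n for b in range(width)}


def correlated_pairs(samples, names):
    """Pairs whose distance is identical in every sample: leaking one address of
    either object pins the other one, whatever entropy it has on its own."""
    pairs = []
    for x, y in combinations(names, 2):
        deltas = {s[x] - s[y] for s in samples if x in s and y in s}
        if len(deltas) == 1:
            pairs.append((x, y, deltas.pop()))
    return pairs


def same_layout(a, b):
    """True when two snapshots share every common base address, i.e. the second
    process inherited its layout instead of being randomized afresh."""
    common = a.keys() & b.keys()
    return bool(common) and all(a[k] == b[k] for k in common)


def fake_maps(exe, libc, stack):
    """Constructed /proc/PID/maps text (made-up paths, inodes and segment sizes)."""
    return "\n".join([
        f"{exe:x}-{exe + 0x2000:x} r--p 00000000 08:01 4242     /opt/app/server",
        f"{exe + 0x2000:x}-{exe + 0x9000:x} r-xp 00002000 08:01 4242     /opt/app/server",
        f"{libc:x}-{libc + 0x28000:x} r--p 00000000 08:01 1337     /usr/lib/libc.so.6",
        f"{libc + 0x28000:x}-{libc + 0x1bd000:x} r-xp 00028000 08:01 1337     /usr/lib/libc.so.6",
        f"{stack:x}-{stack + 0x21000:x} rw-p 00000000 00:00 0      [stack]",
    ])


# Three constructed "runs": the executable sits 0x221000 below libc every time,
# which is the kind of fixed distance the correlation weakness is about.
SAMPLES = [parse_maps(fake_maps(exe, libc, stack)) for exe, libc, stack in [
    (0x7f1a2b1a3000, 0x7f1a2b3c4000, 0x7ffc8d3e1000),
    (0x7f9e009f6000, 0x7f9e00c17000, 0x7ffd12a45000),
    (0x7f0421882000, 0x7f0421aa3000, 0x7ffe5b7c0000),
]]


def sample_live(n):
    """On Linux, spawn n fresh processes; each is a new exec, so no inheritance."""
    return [parse_maps(subprocess.run(["cat", "/proc/self/maps"], capture_output=True,
                                      text=True, check=True).stdout) for _ in range(n)]


if __name__ == "__main__":
    samples = sample_live(64) if os.path.exists("/proc/self/maps") else SAMPLES
    names = sorted(set.intersection(*(set(s) for s in samples)))
    for name in names:
        print(f"{name:40} {entropy_bits(addresses_of(samples, name)):2d} varying bits")
    for x, y, d in correlated_pairs(samples, names):
        print(f"fixed distance {d:#x} between {x} and {y}")
```

Run it as a script on a Linux box to see the live numbers for `cat`; to reproduce the inheritance weakness, take two snapshots of a parent and its fork()ed child and pass them to same_layout(). The correlated_pairs() report is the one that matters for exploitation: every pair it lists turns a single info leak into the base of the other object.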