ASLR Bypass Vulnerability in Red Hat Enterprise Linux and Fedora
CVE-2012-1568

Currently unrated

Key Information:

Vendor: Fedoraproject
Status: Fedora; Enterprise Linux
Vendor: CVE Published:; 1 March 2013

Summary

The ExecShield feature in certain Red Hat patches for the Linux kernel does not adequately manage the use of numerous shared libraries by 32-bit executables. This oversight may allow context-dependent attackers to exploit a predictable base address for those libraries, consequently bypassing the Address Space Layout Randomization (ASLR) protection mechanism. This vulnerability emphasizes the need for robust security measures in handling shared libraries and reinforces the importance of updating systems to mitigate potential exploitation.

References

http://scarybeastsecurity.blogspot.com/2012/03/some-rando...

x_refsource_MISC

https://oss.oracle.com/git/?p=redpatch.git%3Ba=commit%3Bh...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2012/03/20/4

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Mar 1, 2013
Vulnerability Reserved
Mar 12, 2012