Hello,
We have found that systems that use Dracut instead of initramfs are
also vulnerable (tested on Fedora 24 x86_64).
Regards,
Hector Marco & Ismael Ripoll.
> Hello All,
>
>
> Affected package Cryptsetup <= 2:1
>
>
> CVE-ID -- CVE-2016-4484
>
>
> Description
, but unfortunately it was still present
in current Linux systems.
Details at:
http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html
Best,
Hector.
--
Dr. Hector Marco-Gisbert @ http://hmarco.org/
Cyber Security Researcher @ http://cybersecurity.upv.es
Universitat
.
Details and PoC at:
http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html
A patch has already been sent to the Glibc maintainers. This issue is similar to
http://hmarco.org/bugs/CVE-2013-4788.html but now affects dynamically
linked applications.
--
Hector Marco-Gisbert @ http://hmarco.org/
Cyber Security
are configured at once (without exiting from the
menuconfig), then the system gets properly configured.
It seems that something in the PaX Kconfig files is not properly done. Could
anyone check it? So, if you are using PaX, it is worth ensuring that you are not
losing any PaX feature.
--
Hector Marco
).
Advisory details at:
http://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html
--
Hector Marco-Gisbert @ http://hmarco.org/
Cyber Security Researcher @ http://cybersecurity.upv.es
Universitat Politècnica de València (Spain)