Re: [oss-security] CUPS printing system vulnerabilities

2024-09-27 Thread Will Dormann
unrelated CWEs are listed. Isn't using a single CVE to capture what can happen when multiple vulnerabilities are chained together... frowned upon? <https://cve.mitre.org/cve/list_rules_and_guidance/counting_rules.html> -- Will Dormann | Senior Vulnerability Analyst ANALYGENCE, Inc. 81

Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch

2024-07-30 Thread Will Dormann
: [stack], Entropy: 12 bits, Mask: 00fff000 test@debian:~$ -- Will Dormann | Senior Vulnerability Analyst ANALYGENCE, Inc. 8115 Maple Lawn Blvd., Suite 110, Fulton, MD 20759 t 412.818.3452 | f 301.812.4252 e will.dorm...@analygence.com | w analygence.com

Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch

2024-07-10 Thread Will Dormann
On 7/10/24 4:54 PM, Yves-Alexis Perez wrote: On Mon, 2024-07-08 at 12:37 -0400, Will Dormann wrote: - Modern (e.g. 6.x kernel) x86 platforms load a large-enough libc at the same address every time. (i.e. no practical ASLR -- "ASLRn't") - Modern (e.g. 6.x kernel and la

[oss-security] Re: ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch

2024-07-08 Thread Will Dormann
On 7/8/24 12:37 PM, Will Dormann wrote:  - Modern (e.g. 6.x kernel) x86 platforms load a large-enough libc at the same address every time. (i.e. no practical ASLR -- "ASLRn't")  -  Modern (e.g. 6.x kernel and large-enough libc) x86_64 platforms running 32-bit code will load

Re: [oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch

2024-07-08 Thread Will Dormann
On 7/8/24 1:28 PM, Florian Weimer wrote: The kernel should not apply hugepage optimizations to mappings created with MAP_DENYWRITE. FWIW, Grsecurity has published a blog post about this topic that covers much more nuance than the original "ASLRn't" blog post:

[oss-security] ASLRn't is still alive and well on x86 kernels, despite CVE-2024-26621 patch

2024-07-08 Thread Will Dormann
Hi folks, Back in 2022, a Debian bug report was created that described weaknesses in ASLR: As the result of this, x86_64 ASLR was weakened, and x86 ASLR was practically disabled, as the result of libc libraries being larger than 2MB i