Project Zero Exploits 'Unexploitable' Glibc Bug

Project Zero Exploits 'Unexploitable' Glibc Bug 98

Posted by Unknown Lamer on Tuesday August 26, 2014 @07:29PM from the never-say-never dept.

NotInHere (3654617) writes with news that Google's Project Zero has been busy at work. A month ago they reported an off-by-one error in glibc that would overwrite a word on the heap with NUL and were met with skepticism at its ability to be used in an attack. Google's 'Project Zero' devised an exploit of the out-of-bounds NUL write in glibc to gain root access using the setuid binary pkexec in order to convince skeptical glibc developers. 44 days after being reported, the bug has been fixed. They even managed to defeat address space randomization on 32-bit platforms by tweaking ulimits. 64-bit systems should remain safe if they are using address space randomization.

Project Zero Exploits 'Unexploitable' Glibc Bug

Search 98 Comments Log In/Create an Account

Comments Filter:

Re:microsofties here is your chance to party (Score:2, Funny)

by Anonymous Coward writes: on Tuesday August 26, 2014 @07:46PM (#47761381)

CAN YOU HEAR ME NOW?? HELLO?

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Project Zero Exploits 'Unexploitable' Glibc Bug 98

Project Zero Exploits 'Unexploitable' Glibc Bug More Login

Project Zero Exploits 'Unexploitable' Glibc Bug

Re:microsofties here is your chance to party (Score:2, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot