Articles with tag: Gnu Libc
POSTED BY:
Dimitrios Glynos
/
03.04.2010
Update on canary randomisation for hardened Linux applications
This article is a followup to our last year’s advisory on canary randomisation for applications of the Debian distribution.
POSTED BY:
Dimitrios Glynos
/
21.01.2009
Static SSP canary in Debian libc6
CENSUS ID: | CENSUS-2009-0001 |
Affected Products: | All SSP-armoured applications, statically or dynamically linked against the libc6 library (versions ≤ 2.7) provided by the Debian GNU/Linux project. |
Class: | Degraded performance of security mechanism due to misconfiguration. |
Discovered by: | Dimitris Glynos |
We have found that Debian packages of the GNU libc library (versions prior to and including 2.7) provide a static (i.e. guessable) canary value to all applications armoured with the gcc SSP mechanism.