10 Apr '17, 11am

Georgia Tech finds subtle Linux vunerability

“While other kernel bugs and vulnerabilities have been examined and remedied, uninitialised-use bugs are not well studied, and to date, no practical defence mechanisms have been developed to protect against these attacks,” said researcher Kangjie Lu. To demonstrate the security risk to the kernel, the team developed an approach they dubbed ‘targeted stack spraying’. Along with a technique that occupies large portions of the memory to control the stack, said the university, the automated attack probes the stack to find weaknesses that user-mode programs can exploit to direct kernel code paths and leave attacker-controlled data on the kernel stack. Ultimately, the goal of this attack is to reliably control the value of a specific uninitialised variable in the kernel space of a running program. “Our research shows that utilising the targeted stack-spraying approach allows att...

Full article: https://www.electronicsweekly.com/news/research-news/geor...

Tweets

OIG

va.gov 12 Apr '17, 6pm

Learn more about this high-level public diplomacy forum in #Georgia

Learn more about this high-level public diploma...

nato.int 11 Apr '17, 12pm

Current security challenges and how effective public diplomacy can contribute to addressing them were the main focus of th...