vendor:
N/A
by:
Hector Marco and Ismael Ripoll
7,2
CVSS
HIGH
Offset2lib
N/A
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2014
Offset2lib: Bypassing Full ASLR On 64bit Linux
Offset2lib is a vulnerability in the Linux ASLR implementation that allows an attacker to de-randomize all mmapped areas (libraries, mapped files, etc.) by knowing only an address belonging to the application and the offset2lib value.
Mitigation:
The vulnerability can be mitigated by disabling PIE support.
