Researchers’ Attack Code Circumvents Defense Mechanisms on Linux, Leaving Machines Susceptible

For any Linux administrator it may possibly be in his knowledge that despite him having all the patches up-to-date for his Linux systems, still there's no surety he's free from security flaws. There are numerous components which make up a Linux system, with any of them capable of exposing for an installation of attack code.

This recently happened with an attack code which Chris Evans a security researcher released. Albeit the code has been well written while it leverages certain unusual ways for abusing memory corruption flaw within GStreamer, there's more of academic interest into it, reports Ars Technica.

It has been found that the code eludes two security defenses in Linux i.e. DEP (data execution protection), whose other name is No-Execute (NX), and ASLR (address space layout randomization).

In particular, the key task of ASLR is randomizing when an exploit gets implanted into memory that enables a vibrant attack code to attain minimal success as also for diminishing its effect on that machine. Simultaneously, DEP generates one fresh protection layer via just stopping the attack code from the implanting process. Softpedia.com posted this, November 23, 2016.

The code which Evans released was through one FLAC media document which Fedora ver.24 supported as also it abused GStreamer flaw while further attacked the media players -Totem and Rhythmbox. The code got created for Fedora alone and thus threatens just limited count of people using Linux while they make use of media player, thereby ensuring little danger for people on any other Linux platforms.

Researchers develop such attack codes for aiding Linux security's onward movement. A demonstration of the way an attack code is possible to write towards effectively exploiting just any flaw, the above kinds emphasize that Linux vendors require vigorously enhancing the safety mechanism on Linux instead of just reacting when attacks occur.

The researchers' development was worth it as it proves that it's possible to have script-less exploits, no matter it's w.r.t. a nice 64-bit ASLR. It's possible that the flaw would get patched fast; however, at present the vital thing to keep in mind is that the attack code is suitable only on Fedora.

» SPAMfighter News - 11/29/2016