Stack-based ASLR Bypass Vulnerability in NetBSD 7.1 and Earlier Versions

CVE-2017-1000375 · HIGH Severity

AV:N/AC:L/Au:N/C:P/I:P/A:P

NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled. This allows attackers to more easily manipulate memory, leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.
