Wiedergänger

Linux currently (November 2017, kernel 4.14) uses a weak mmap implementation that maps chunks into the virtual address space at constant distances from each other. To show that this can be problematic, we developed two attacks that escalate array out-of-bounds writes to code execution by overwriting internal data structures used by ld.so. Details, proof-of-concept code, and an academic paper can be found on GitHub.
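A way to check the "constant distances" property when auditing a target, as an added example that is not code from the Wiedergänger repository: it compares two `/proc/<pid>/maps` snapshots and reports whether the mapping bases differ while every distance between mappings stays the same. The snapshots, library paths and function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Constructed /proc/<pid>/maps snapshots (not captured from a real system). */
static const char RUN_A[] =
    "7f3a1c000000-7f3a1c021000 rw-p 00000000 00:00 0\n"
    "7f3a1c021000-7f3a1c1d6000 r-xp 00000000 08:01 1234 /lib/libc.so.6\n"
    "7f3a1c3e0000-7f3a1c406000 r-xp 00000000 08:01 1235 /lib/ld.so\n";
static const char RUN_B[] =   /* second run: new base, same distances */
    "7f91e4a00000-7f91e4a21000 rw-p 00000000 00:00 0\n"
    "7f91e4a21000-7f91e4bd6000 r-xp 00000000 08:01 1234 /lib/libc.so.6\n"
    "7f91e4de0000-7f91e4e06000 r-xp 00000000 08:01 1235 /lib/ld.so\n";
static const char RUN_C[] =   /* hypothetical: each mapping placed independently */
    "7f55d2000000-7f55d2021000 rw-p 00000000 00:00 0\n"
    "7f55d9a4c000-7f55d9c01000 r-xp 00000000 08:01 1234 /lib/libc.so.6\n"
    "7f55e30f7000-7f55e311d000 r-xp 00000000 08:01 1235 /lib/ld.so\n";

/* Distance from each mapping's start to the previous mapping's start.
 * Returns the number of distances stored, or -1 on a malformed line. */
static int mapping_deltas(const char *maps, unsigned long long *out, int max)
{
    unsigned long long start, end, prev = 0;
    int n = 0, first = 1;
    while (*maps) {
        if (sscanf(maps, "%llx-%llx", &start, &end) != 2 || end <= start)
            return -1;
        if (!first && n < max)
            out[n++] = start - prev;
        prev = start;
        first = 0;
        const char *nl = strchr(maps, '\n');
        if (!nl) break;
        maps = nl + 1;
    }
    return n;
}
/* 1 if the bases differ but every inter-mapping distance is identical. */
static int constant_distances(const char *a, const char *b)
{
    unsigned long long da[16], db[16], base_a = 0, base_b = 0;
    int na = mapping_deltas(a, da, 16), nb = mapping_deltas(b, db, 16);
    if (na < 1 || na != nb) return 0;
    sscanf(a, "%llx", &base_a); sscanf(b, "%llx", &base_b);
    return base_a != base_b && memcmp(da, db, na * sizeof da[0]) == 0;
}
int main(void)
{
    printf("A vs B constant: %d, A vs C constant: %d\n",
           constant_distances(RUN_A, RUN_B), constant_distances(RUN_A, RUN_C));
    return 0;
}
```

A result of 1 means randomizing the base alone does not hide where one mapping sits relative to another, which is the precondition the paragraph above describes.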