
Security: How come we still hear about so many stack-execution security flaws even though mechanisms such as the NX bit, DEP and ASLR have existed for so many years? Have hackers found ways to circumvent these?

When looking through relatively recently fixed security flaws in MS and Adobe products you can still find exploits that give the attacker control of your system - doesn't this imply running code on the stack via a buffer overrun (which can't be done with DEP/NX/ASLR)?

thedrs
  • note: found [this article](http://uninformed.org/?v=2&a=4) from 2005 showing methods to bypass hardware DEP; in brief, MS gave the possibility to disable NX/DEP for an already running process from another user-space address. But using ASLR this isn't feasible ... And also I hope they managed to fix this ability in the past 6-7 years since the article ... So I am still looking for an answer ... – thedrs Dec 18 '11 at 10:17
  • [Return Oriented Programming](http://en.wikipedia.org/wiki/Return-oriented_programming) discusses why, for instance, `NX` isn't a 100% cure-all. Most of these defenses "raise the bar" on a flaw being exploitable, rather than preventing it completely. – Damien_The_Unbeliever Dec 18 '11 at 10:34
  • probably best asked on http://s.tk/security – Cheekysoft Dec 19 '11 at 13:20
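The point made in the comments about return-oriented programming, as an added example that is not part of the original question or any of the comments: a C model of a return-oriented chain. No real overflow is performed; the `chain_entry` array stands in for the words an attacker would write over a saved return address, and the `gadget_*` functions stand in for code that already exists in the target binary. All names are hypothetical. The model shows two things the thread raises: NX/DEP does not stop the chain because nothing on the stack is ever executed as code (only existing code is reached), and ASLR only moves the base of a module, so the offsets between gadgets stay fixed and a single leaked address lets the attacker recompute the whole chain.

```c
/*
 * Added example (not from the question or comments): a model of a
 * return-oriented chain. NX/DEP forbids executing bytes on the stack, so the
 * attacker writes *addresses of existing code* there instead. Each "gadget"
 * below stands in for a fragment of the target binary ending in `ret`.
 * All names are hypothetical; no real memory corruption happens here.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A gadget receives the running value and one argument popped from the stack. */
typedef void (*gadget_fn)(uint64_t *acc, uint64_t arg);

static void gadget_load(uint64_t *acc, uint64_t arg) { *acc = arg; }
static void gadget_add(uint64_t *acc, uint64_t arg)  { *acc += arg; }
static void gadget_shl(uint64_t *acc, uint64_t arg)  { *acc <<= (arg & 63); }
static void gadget_xor(uint64_t *acc, uint64_t arg)  { *acc ^= arg; }

/*
 * One word pair of the attacker-controlled stack: the "return address" that
 * the next `ret` will pop, and the value the gadget consumes. On a real
 * target these are just the bytes written past the end of a stack buffer.
 */
struct chain_entry {
    gadget_fn ret_addr;
    uint64_t  arg;
};

/*
 * Drive the chain the way a sequence of `ret` instructions would: run the
 * gadget at the current return address, then "return" into the next one.
 * The chain itself is never executed as code, which is why NX alone does
 * not stop this.
 */
uint64_t run_chain(const struct chain_entry *chain, size_t n)
{
    uint64_t acc = 0;
    for (size_t i = 0; i < n; i++)
        chain[i].ret_addr(&acc, chain[i].arg);
    return acc;
}

/* A constructed chain that computes ((0x41 << 8) + 0x42) ^ 0xff = 0x41bd. */
uint64_t demo_chain(void)
{
    const struct chain_entry chain[] = {
        { gadget_load, 0x41 },
        { gadget_shl,  8    },
        { gadget_add,  0x42 },
        { gadget_xor,  0xff },
    };
    return run_chain(chain, sizeof chain / sizeof chain[0]);
}

/*
 * ASLR moves the whole module, but the distance between two functions in
 * the same module is fixed at link time. Conversions between function
 * pointers and uintptr_t are implementation-defined but work on the usual
 * platforms; wrap-around in the subtraction is undone by the addition.
 */
uintptr_t gadget_offset(gadget_fn g, gadget_fn base)
{
    return (uintptr_t)g - (uintptr_t)base;
}

/* Given one leaked runtime address, recompute any other gadget's address. */
gadget_fn relocate(gadget_fn leaked_base, uintptr_t off)
{
    return (gadget_fn)((uintptr_t)leaked_base + off);
}

/* Returns 1 if a leak of gadget_load's address is enough to find gadget_xor. */
int relocation_roundtrip(void)
{
    uintptr_t off = gadget_offset(gadget_xor, gadget_load);
    return relocate(gadget_load, off) == gadget_xor;
}

int main(void)
{
    printf("chain result: 0x%llx\n", (unsigned long long)demo_chain());
    printf("gadget_load at %p, gadget_xor at %p, offset 0x%llx\n",
           (void *)(uintptr_t)gadget_load, (void *)(uintptr_t)gadget_xor,
           (unsigned long long)gadget_offset(gadget_xor, gadget_load));
    printf("relocation via leak works: %d\n", relocation_roundtrip());
    return 0;
}
```

Build it as a position-independent executable (`gcc -fPIE -pie`) and run it twice: the printed addresses change between runs (that is ASLR doing its job) while the offset stays the same, which is exactly what a chain built from one leaked pointer relies on. This is the sense in which the comments say these defenses "raise the bar" rather than close the hole: an attacker now needs a control-flow hijack plus an information leak, instead of just a stack overflow.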
