Recently released exploit code makes people running fully patched versions of Fedora and other Linux distributions vulnerable to drive-by attacks that can install keyloggers, backdoors, and other types of malware, a security researcher says.
One of the exploits—which targets a memory corruption vulnerability in the GStreamer framework that by default ships with many mainstream Linux distributions—is also noteworthy for its elegance. To wit: it uses a rarely seen approach to defeat address space layout randomization and data execution prevention, which are two of the security protections built in to Linux to make software exploits harder to carry out. ASLR randomizes the locations in computer memory where software loads specific chunks of code. As a result, code that exploits existing flaws often results in a simple computer crash rather than a catastrophic system compromise. Meanwhile, DEP, which is often referred to as NX or No-Execute, blocks the execution of code that such exploits load into memory.