[Pidgin] #17342: Windows Pidgin builds suffer from broken ASLR
Pidgin
trac at pidgin.im
Mon Sep 17 12:20:05 EDT 2018
#17342: Windows Pidgin builds suffer from broken ASLR
--------------------+---------------------------
Reporter: DrWhax | Owner:
Type: defect | Status: new
Milestone: | Component: pidgin (gtk)
Version: 2.13.0 | Keywords: security aslr
--------------------+---------------------------
Hi,
I was battling with mingw-w64 for pidgin-otr and came across this cmu.edu
blogpost about it: https://insights.sei.cmu.edu/cert/2018/08/when-aslr-is-
not-really-aslr---the-case-of-incorrect-assumptions-and-bad-defaults.html
When looking at the last screenshot(@olabini pointed me to it), it shows
Pidgin suffers from the relocation table issue.
After running the python script link I can say that the latest Pidgin 2.13
release still suffers from broken ASLR.
{{{
python checkaslr.py pidgin/
Crawling root directory: /home/user/QubesIncoming/personal1/ ...
The following files are linked with /DYNAMICBASE, but may not be
compatible with ASLR:
/home/user/xxx/pidgin-2.13.0.exe : 0x400000
}}}
Mitigation is listed in the blogpost by cmu.edu
--
Ticket URL: <https://developer.pidgin.im/ticket/17342>
Pidgin <https://pidgin.im>
Pidgin
More information about the Tracker
mailing list