Open
Bug 806034
Opened 12 years ago
Updated 2 months ago
[meta] Bugs that reveal address space layout (ASLR bypasses)
Categories
(Core :: Security, enhancement)
Core
Security
Tracking
()
NEW
People
(Reporter: jruderman, Unassigned)
References
Details
(Keywords: meta)
fjserna argues that since memory-layout disclosures are about as hard to find as memory-safety bugs, and since you need both for a successful exploit, they should be treated as equally severe:
http://media.blackhat.com/bh-us-12/Briefings/Serna/BH_US_12_Serna_Leak_Era_Slides.pdf
Whatever we decide about the severity of these issues, we should at least be consistent :) Like maybe a direct reveal is sec-high and a timing attack reveal is sec-moderate.
Updated•9 years ago
|
Component: Tracking → Security
Updated•2 years ago
|
Severity: normal → S3
Updated•2 months ago
|
Type: defect → enhancement
You need to log in
before you can comment on or make changes to this bug.
Description
•