Ismael Ripoll

4 exploits Active since Oct 2013
CVE-2015-1593 WRITEUP WRITEUP
Linux kernel <3.19.1 - Info Disclosure
The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.
CVE-2016-3672 EXPLOITDB HIGH text WRITEUP
Linux kernel <4.5.2 - Privilege Escalation
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.
CVSS 7.8
EIP-2026-103356 EXPLOITDB text WRITEUP
Offset2lib - Bypassing Full ASLR On 64 bit Linux
CVE-2013-4788 EXPLOITDB c WORKING POC
GNU C Library <2.17 - Buffer Overflow
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.