Overview
mingw-w64 produces a executable Windows files without a relocations table by default, which breaks compatibility with ASLR.
Description
ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. |
Impact
Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result. |
Solution
The CERT/CC is currently unaware of a practical solution to this problem. Please consider the following workaround: |
Force mingw-w64 to retain the relocations table mingw-w64 can be coerced into producing an executable with the relocations table intact by adding the following line before the main function in a program's source code: |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- |
| Temporal | 0 | E:ND/RL:ND/RC:ND |
| Environmental | 0 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
This vulnerability was reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
Other Information
| CVE IDs: | CVE-2018-5392 |
| Date Public: | 2013-06-09 |
| Date First Published: | 2018-08-03 |
| Date Last Updated: | 2018-08-03 12:50 UTC |
| Document Revision: | 12 |