Nytro

Mitigating Null Pointer Exploitation


Locking Down the Windows Kernel: Mitigating Null Pointer Exploitation

Tarjei Mandt

Norman Threat Research

tarjei.mandt @ norman.com

Abstract. One of the most prevalent bug classes affecting Windows kernel components today is undeniably NULL pointer dereferences. Unlike other platforms such as Linux, Windows (in staying true to backwards compatibility) allows non-privileged users to map the null page within the context of a user process. As kernel and user-mode components share the same virtual address space, an attacker may potentially be able to exploit kernel null dereference vulnerabilities by controlling the dereferenced data. In this paper, we propose a way to generically mitigate NULL pointer exploitation on Windows by restricting access to the lower portion of process memory using VAD manipulation. Importantly, as the proposed method employs features already present in the memory manager and does not introduce any offending hooks, it can be introduced on a wide range of Windows platforms. Additionally, because the mitigation only introduces minor changes at process creation-time, the performance cost is minimal.

Keywords: null pointer vulnerabilities, exploitation, mitigation

Download:

http://www.mista.nu/research/nullpage.pdf
