Mingw-w64, a 2005 update of the open-source MinGW software development environment for Microsoft Windows applications, has been found to produce executables that are incompatible with Address Space Layout Randomization (ASLR), a technology that reduces the effectiveness of malicious shellcode.
Consequently, vulnerabilities existing in these faulty executables can be exploited -- and there is no practical fix for the problem, warned the CERT Coordination Center (CERT/CC) at Carnegie Mellon's Software Engineering Institute, in a security advisory today.
"For ASLR to function, Windows executables must contain a relocations table," the advisory said. "Despite containing the 'Dynamic base' PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks."
The CERT/CC noted that vendors Arch Linux, CentOS, Debian GNU/Linux, Fedora Project, Gentoo Linux, Red Hat, SUSE Linux, Ubuntu and VideoLAN, while it is while it is unknown if the bug also impacts vendors Alpine Linux, Arista Networks, ASP Linux, CoreOS, ENEA and Geexbox.
A workaround to the issue is available, notes the CERT/CC: Users can force Mingw-w64 to produce an executable with an intact relocations table by adding "__declspec(dllexport)" before the main function in an application's source code. "This line will cause the following function to be exported," the advisory explained. "When generating an executable that exports a function name, mingw-w64 will not strip the relocations table."
