{"vuid":"VU#307144","idnumber":"307144","name":"mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR","keywords":["ASLR","resources table"],"overview":"mingw-w64 produces Windows executable files without a relocations table by default, which breaks compatibility with ASLR.","clean_desc":"ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the \"Dynamic base\" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks.","impact":"Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem. Please consider the following workaround:","workarounds":"Force mingw-w64 to retain the relocations table: mingw-w64 can be coerced into producing an executable with the relocations table intact by adding the following line before the main function in a program's source code: __declspec(dllexport) This line will cause the following function to be exported.
When generating an executable that exports a function name, mingw-w64 will not strip the relocations table.","sysaffected":"","thanks":"This vulnerability was reported by Will Dormann of the CERT/CC.","author":"This document was written by Will Dormann.","public":["https://sourceforge.net/p/mingw-w64/mailman/message/31034877/","https://sourceware.org/bugzilla/show_bug.cgi?id=17321","https://sourceware.org/bugzilla/show_bug.cgi?id=19011"],"cveids":["CVE-2018-5392"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2018-07-26T18:34:45Z","publicdate":"2013-06-09T00:00:00Z","datefirstpublished":"2018-08-03T12:50:44Z","dateupdated":"2018-08-03T12:50:47Z","revision":12,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"1","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}