CERT VU:307144
Aug 03, 2018 - 12:00 a.m.

mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR

2018-08-03 00:00:00
www.kb.cert.org
511

CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.001 Low
Percentile: 37.1%

Overview

mingw-w64 produces executable Windows files without a relocations table by default, which breaks compatibility with ASLR.

Description

ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the “Dynamic base” PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks.


Impact

Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result.


Solution

The CERT/CC is currently unaware of a practical solution to this problem. Please consider the following workaround:


Force mingw-w64 to retain the relocations table

mingw-w64 can be coerced into producing an executable with the relocations table intact by adding the following line before the main function in a program’s source code:
__declspec(dllexport)

This line will cause the following function to be exported. When generating an executable that exports a function name, mingw-w64 will not strip the relocations table.
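To check a built executable for the mismatch described above (and to confirm that the workaround kept the relocations table), the following added example reads the PE headers and compares the "Dynamic base" flag with the presence of relocation data. It is not code from the CERT/CC advisory or from mingw-w64; aslr_status and sample_pe32 are hypothetical names, the sample images are constructed headers only, and the check assumes that either the RELOCS_STRIPPED file flag or an empty base relocation directory means the table is missing.

```python
import struct

RELOCS_STRIPPED = 0x0001   # IMAGE_FILE_RELOCS_STRIPPED (COFF Characteristics)
DYNAMIC_BASE = 0x0040      # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
BASERELOC_DIR = 5          # data-directory slot of the base relocation table

def aslr_status(pe: bytes) -> dict:
    """Compare the ASLR opt-in flag with the presence of relocation data."""
    try:
        if pe[:2] != b"MZ":
            raise ValueError("not an MZ executable")
        nt = struct.unpack_from("<I", pe, 0x3C)[0]         # e_lfanew
        if pe[nt:nt + 4] != b"PE\0\0":
            raise ValueError("PE signature not found")
        characteristics = struct.unpack_from("<H", pe, nt + 22)[0]
        opt = nt + 24                                      # optional header
        magic = struct.unpack_from("<H", pe, opt)[0]
        if magic not in (0x10B, 0x20B):                    # PE32 / PE32+
            raise ValueError("unknown optional header magic")
        dll_chars = struct.unpack_from("<H", pe, opt + 70)[0]
        dirs = opt + (96 if magic == 0x10B else 112)       # data directories
        count = struct.unpack_from("<I", pe, dirs - 4)[0]  # NumberOfRvaAndSizes
        rva = size = 0
        if count > BASERELOC_DIR:
            rva, size = struct.unpack_from("<II", pe, dirs + 8 * BASERELOC_DIR)
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc
    dynamic_base = bool(dll_chars & DYNAMIC_BASE)
    has_relocs = not (characteristics & RELOCS_STRIPPED) and rva != 0 and size != 0
    return {"dynamic_base": dynamic_base, "has_relocs": has_relocs,
            "mismatch": dynamic_base and not has_relocs}

def sample_pe32(characteristics: int, dll_chars: int, reloc=(0, 0)) -> bytes:
    """Constructed headers-only PE32 image for the demo; not a real program."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 224, characteristics)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * BASERELOC_DIR, *reloc)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    stripped = sample_pe32(0x0103, DYNAMIC_BASE)           # flag set, no relocs
    retained = sample_pe32(0x0102, DYNAMIC_BASE, (0x5000, 0x200))
    for name, image in (("stripped", stripped), ("retained", retained)):
        print(name, aslr_status(image))
```

For a file on disk, pass the result of open(path, "rb").read() to aslr_status; a "mismatch" of True means the image opts in to ASLR but cannot be rebased.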


Vendor Information


Arch Linux Affected

Notified: July 26, 2018 Updated: August 01, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CentOS Affected

Notified: July 26, 2018 Updated: August 01, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Debian GNU/Linux Affected

Notified: July 26, 2018 Updated: August 01, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Fedora Project Affected

Notified: July 26, 2018 Updated: August 01, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Gentoo Linux Affected

Notified: July 26, 2018 Updated: August 01, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Red Hat, Inc. Affected

Notified: July 26, 2018 Updated: August 01, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SUSE Linux Affected

Notified: July 26, 2018 Updated: August 01, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Ubuntu Affected

Notified: July 26, 2018 Updated: August 01, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

VideoLAN Affected

Notified: July 23, 2018 Updated: August 01, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

ASP Linux Unknown

Notified: July 26, 2018 Updated: July 26, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Alpine Linux Unknown

Notified: July 26, 2018 Updated: July 26, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Arista Networks, Inc. Unknown

Notified: July 26, 2018 Updated: July 26, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

CoreOS Unknown

Notified: July 26, 2018 Updated: July 26, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

ENEA Unknown

Notified: July 26, 2018 Updated: July 26, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Geexbox Unknown

Notified: July 26, 2018 Updated: July 26, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

HomeSeer Unknown

Notified: July 26, 2018 Updated: July 26, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Micro Focus Unknown

Notified: July 26, 2018 Updated: July 26, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

MontaVista Software, Inc. Unknown

Notified: July 26, 2018 Updated: July 26, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Openwall GNU/*/Linux Unknown

Notified: July 26, 2018 Updated: July 26, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Slackware Linux Inc. Unknown

Notified: July 26, 2018 Updated: August 01, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Tizen Unknown

Notified: July 26, 2018 Updated: July 26, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

Turbolinux Unknown

Notified: July 26, 2018 Updated: July 26, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References


CVSS Metrics

Group Score Vector
Base 0 AV:–/AC:–/Au:–/C:–/I:–/A:–
Temporal 0 E:ND/RL:ND/RC:ND
Environmental 0 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

Acknowledgements

This vulnerability was reported by Will Dormann of the CERT/CC.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2018-5392
Date Public: 2013-06-09 Date First Published:
