CR-ATTACKER: Exploiting Crash-Reporting Systems Using Timing Gap and Unrestricted File-Based Workflow

Bibliographic Details
Main Authors: Seong-Joong Kim, Myoungsung You, Seungwon Shin
Format: Article
Language: English
Published: IEEE 2025-01-01
Series: IEEE Access
Online Access: https://ieeexplore.ieee.org/document/10937218/
Description
Summary: Software vendors widely adopt crash-reporting systems to automate the collection of crash reports, enabling efficient diagnosis and management of software failures. However, these reports often contain detailed memory snapshots of crashed processes, which may include sensitive user data (e.g., credentials and cryptographic keys). Ensuring the security of crash-reporting systems is, therefore, critical to prevent information leakage and potential exploitation. This paper analyzes the security of common crash-reporting system architectures for Linux and identifies two novel attack vectors: 1) a timing gap vulnerability during partial privilege de-escalation and 2) a file-based workflow exploitation between crash-reporting system components. By leveraging these attack vectors, we demonstrate that unprivileged attackers can extract arbitrary memory contents from other processes or manipulate the behavior of crash-reporting systems, leading to information leakage and system compromise. To mitigate these threats, we propose practical defense mechanisms that effectively neutralize both attack vectors, thereby enhancing the overall security of crash-reporting systems. We validate our findings through real-world evaluations on widely used open-source crash-reporting systems, which resulted in the discovery of four new CVEs related to ASLR bypass, arbitrary code execution, and denial-of-service (DoS) attacks. These findings highlight the urgent need for strengthened security measures in modern crash-reporting systems.
ISSN: 2169-3536