The raspberry pi runs on the ARM1176JZF-S processor. ARM is used in more devices than just the Rpi. ARM exploitation is certainly possible. Have a look at the following papers:
Also have a look at this Defcon 18 presentation.
In regards to exploitation, Buffer overflows are definitely possible (refer to the papers for technical details). On many new platforms the stacks are non-executable, thus attempting to exploit them is more difficult than in the past. Techniques like ret2libc won't work because of the way ARM performs variable management. Variables are sometimes pushed across registers rather than being put on the stack, which makes it a lot more difficult to pop the right variables in order to jump to a piece of shellcode. Another type of attack can be used instead though as demonstrated in this paper which uses an adaption of the technique making use of Return Oriented Programming.
ASLR is primarily an Operating System responsibility. So it will largely depend on what OS you are running on your Rpi and if it was compiled with ASLR support. NX bits are implemented but can be circumvented using Return Oriented Programming.
Note that the ARM processor within the raspberry pi supports TrustZone which allows for two spaces:
- Secure World
- Normal World
ARM uses virtual cores to seperate these two worlds, which allow for different execution privileges (for instance on Android this is used to seperate your mobile payment module to execute in a completely different zone than your normal applications). So even when you might be able to exploit your device, there is still a possibility that you will not gain access to sensitive data.
In regards to plausible attack vectors, it would depend on what you use the Rpi for. For other devices implementing ARM, attacks have been used to for instance unlock boot loaders (the exploit actually was able to bypass secure to normal world protections).
