Linux Heap Overlapping Chunks Exploitation

In this paper, I introduce the reader to a heap metadata corruption against the current Linux Heap Allocator, ptmalloc. An attacker that can overflow from one chunk into the next allocated chunk can force ptmalloc to return overlapping allocations. Given the appropriate application logic, this can lead to exploitation.

This attack is known and is documented in various outlets.

Linux Heap Overlapping Chunks Exploitation.PDF

Comments

Popular posts from this blog

Linux Heap TCache Poisoning

Linux Kernel Infoleaks