Posts

Showing posts from September, 2019

Linux Heap Unsorted Bin LIBC Base Leak

Linux Heap Fast Bin Poisoning part 2

Linux Heap Fast Bin Poisoning part 1

In this paper, I introduce the reader to a heap metadata corruption attack against the current Linux heap allocator, ptmalloc. The attack is performed by corrupting, or poisoning, the fast bin such that malloc returns a near-arbitrary pointer. This may allow for control flow hijacking if malloc returns a pointer to a function pointer and an attacker is able to write to that malloc-returned buffer.
Linux Heap Fast Bin Poisoning part 1.PDF