Linux Heap TCache Poisoning

Linux Heap TCache Poisoning

In this paper, I introduce the reader to a heap metadata corruption against the current Linux Heap Allocator, ptmalloc. The attack is performed via corrupting, or poisoning the tcache such that malloc returns an arbitrary pointer. This may allow for control flow hijacking if malloc returns a pointer to a function pointer and an attacker is able to write to that malloc returned buffer. TCache poisoning is possible from heap corruption including buffer overflows and Use-After-Frees.

Linux Heap TCache Poisoning.PDF

Comments

  1. Jessica9 August 2019 at 00:04

    We at
    my assignment expert provide all assignment help to students to overcome their fear to
    become better and score better grades. Our expert team possesses expertise in all the study
    areas and they are highly qualified experts.

    ReplyDelete
  2. rickypalm3 September 2019 at 02:32

    Very Nice Blog! This blog is totally informative about Assignment Help services. This blog gives the best ideas for college student about assignment writing services. Thanks for sharing this blog!
    Assignment Help Online
    Online Assignment Help
    Assignment Help Online Service
    Assignment Helper
    Assignment Assistance
    Assignment Help Experts

    ReplyDelete
  3. my assignment help12 October 2019 at 11:29

    Matlab Assignment Help
    Powerpoint Presentation Services
    Programming Assignment Help
    Essay Writing Help
    My assignment help
    پروژه آماده
    پروژه آماده آباکوس
    پروژه آماده سالیدورک
    پروژه آماده متلب

    ReplyDelete
  4. Mobile app development company in Mumbai14 October 2019 at 00:29

    Mobile app development company in gurgaon

    ReplyDelete
  5. amelie9 November 2019 at 01:19

    If you are bothering about who can write your assignment? Don’t worry students my assignment experts has a huge team of experts who are well-educated in their fields and available to do heavy work for you to complete your assignment within the deadline and provide you best assignment help services so that you can score high grades.assignment help online

    ReplyDelete

Post a Comment

Popular posts from this blog

Linux Heap glibc 2.27 Double Free Exploitation

In this paper, I introduce the reader to a heap metadata corruption against the glibc 2.27 Linux Heap Allocator, ptmalloc. This attack is mitigated in the most recent 2.29 glibc. An attacker that forces the application to perform a double free can manipulate it to make malloc return an arbitrary pointer. This is achieved, by having malloc return a chunk of memory whilst still remaining in the tcache freelist. The attacker is then able to manipulate this memory to perform tcache poisoning and force malloc to return an arbitrary pointer. This is a powerful primitive, and with appropriate application logic is equivalent of a write-what-where.

Linux Heap glibc 2.27 Double Free Exploitation.PDF

Read more