Linux Heap Calloc Exploitation part 2

In this paper, I introduce the reader to a heap metadata corruption attack against the most current version of the Linux heap allocator. Normally, calloc allocates a chunk and zeroes its memory before returning a pointer to it. An attacker who can overflow from one chunk into a free chunk held in a fast bin can force calloc to return uninitialised data. The resulting information leak could be used to defeat ASLR or to expose sensitive information.

Linux Heap Calloc Exploitation part 2.PDF
