Linux Heap Fast Bin Double Free Exploitation

In this paper, I introduce the reader to a heap metadata corruption attack against the current Linux heap allocator. An attacker who forces the application to perform a double free can manipulate it to make malloc return an arbitrary pointer in one instance and a duplicate pointer in another. Given the appropriate application logic, this can lead to exploitation.

Linux Heap Fast Bin Double Free Exploitation.PDF

