Linux Heap House of Force Exploitation

In this paper, I introduce the reader to a heap metadata corruption against a recent version of the Linux Heap allocator in glibc 2.27. The House of Force attack is a known technique that requires a buffer overflow to overwrite the top chunk size. An attacker must then be able to malloc an arbitrary size of memory. The result is that it is possible to make a later malloc return an arbitrary pointer. With appropriate application logic, this attack can be used in exploitation. This attack has been mitigated in the latest glibc 2.29 but is still exploitable in glibc 2.27 as seen in Ubuntu 18.04 LTS.

Linux Heap House of Force Exploitation.PDF


Popular posts from this blog

Heap Exploitation in Chrome's PartitionAlloc - part 1

Linux Kernel Stack Smashing

Linux Heap TCache Poisoning