In this
paper, I introduce the reader to a heap metadata corruption against the current
Linux Heap Allocator, ptmalloc. An attacker that can overflow from one chunk
into the next allocated chunk can force ptmalloc to return overlapping
allocations. Given the appropriate application logic, this can lead to
exploitation.
This attack
is known and is documented in various outlets.
Linux Heap Overlapping Chunks Exploitation.PDF
