Linux Heap Overlapping Chunks Exploitation
In this paper, I introduce the reader to a heap metadata corruption attack against the current Linux heap allocator, ptmalloc. An attacker who can overflow from one chunk into the next allocated chunk can force ptmalloc to return overlapping allocations. Given the appropriate application logic, this can lead to exploitation.

This attack is known and is documented in various outlets.
Linux Heap Overlapping Chunks Exploitation.PDF