Linux Heap Overlapping Chunks Exploitation

In this paper, I introduce the reader to a heap metadata corruption against the current Linux Heap Allocator, ptmalloc. An attacker that can overflow from one chunk into the next allocated chunk can force ptmalloc to return overlapping allocations. Given the appropriate application logic, this can lead to exploitation.

This attack is known and is documented in various outlets.

Linux Heap Overlapping Chunks Exploitation.PDF


Popular posts from this blog

Heap Exploitation in Chrome's PartitionAlloc - part 1

Linux Kernel Stack Smashing

Sudoedit heap overflow