Linux Heap Fast Bin Poisoning part 1

In this paper, I introduce the reader to a heap metadata corruption attack against the current Linux heap allocator, ptmalloc. The attack works by corrupting, or poisoning, the fast bin so that malloc returns a near-arbitrary pointer. This may allow control-flow hijacking if malloc returns a pointer to a function pointer and an attacker is able to write to the buffer malloc returned.
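The following toy model is an added example, not code from the paper or from glibc. It shows why a corrupted fast bin link makes the allocator hand out a chosen address, and how a size-field sanity check on the bin head limits which addresses qualify. It assumes a check modelled on glibc's "malloc(): memory corruption (fast)" test, which the summary above does not describe; every name in it (`toy_malloc`, `toy_free`, `poison_then_alloc`, `BIN_SIZE`) is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy model of one fast bin: a LIFO singly linked list threaded through the
   freed chunks themselves. All names here are illustrative, not glibc's. */
struct chunk {
    size_t size;       /* header metadata: chunk size */
    struct chunk *fd;  /* written into the chunk when freed: next free chunk */
};

#define BIN_SIZE 0x20  /* constructed: the single chunk size this bin serves */

static struct chunk *fastbin;                          /* bin head */
static struct chunk freed;                             /* chunk the program frees */
static struct chunk plain_target = { 0, NULL };        /* no valid size field */
static struct chunk sized_target = { BIN_SIZE, NULL }; /* size matches the bin */

static void toy_free(struct chunk *c) { c->fd = fastbin; fastbin = c; }

/* check_size == 0: pop the head blindly.
   check_size == 1: refuse a head whose size field does not belong to this
   bin (simplified to equality; glibc aborts instead of returning NULL). */
static struct chunk *toy_malloc(int check_size) {
    struct chunk *victim = fastbin;
    if (victim == NULL) return NULL;
    if (check_size && victim->size != BIN_SIZE) return NULL;
    fastbin = victim->fd;
    return victim;
}

/* Free one chunk, overwrite its fd (standing in for a write through a stale
   pointer or an overflow), then allocate twice; returns the second result. */
static struct chunk *poison_then_alloc(struct chunk *target, int check_size) {
    fastbin = NULL;
    freed.size = BIN_SIZE;
    toy_free(&freed);
    freed.fd = target;             /* the fast bin metadata corruption */
    (void)toy_malloc(check_size);  /* hands back &freed; head is now target */
    return toy_malloc(check_size);
}

int main(void) {
    printf("no check, plain target: %p\n", (void *)poison_then_alloc(&plain_target, 0));
    printf("check,    plain target: %p\n", (void *)poison_then_alloc(&plain_target, 1));
    printf("check,    sized target: %p\n", (void *)poison_then_alloc(&sized_target, 1));
    return 0;
}
```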



