Linux Heap Fast Bin Poisoning part 1

In this paper, I introduce the reader to a heap metadata corruption against the current Linux Heap allocator, ptmalloc. The attack is performed via corrupting, or poisoning the fast bin such that malloc returns a near arbitrary pointer. This may allow for control flow hijacking if malloc returns a pointer to a function pointer and an attacker is able to write to that malloc returned buffer.




Popular posts from this blog

C++ Memory Corruption (std::vector) - part 2

Pointer Compression in V8

Linux Kernel Stack Smashing