uClibc Unlink Heap Exploitation

In this paper, I introduce the reader to a heap metadata corruption against the latest version of uClibc. This allocator is used in embedded systems. The unlink attack on heaps was first introduced by Solar Designer in the year 2000 and was the first generic heap exploitation technique made public. In the unlink technique, an attacker corrupts the prev and next pointers of a free chunk. In a subsequent malloc that recycles this chunk, the chunk is unlinked from its freelist via pointer manipulations. This inadvertently allows an attack to craft a write-what-where primitive and write what they want where they want in memory. This attack is historical, but also exists today in uClibc.

uClibc Unlink Heap Exploitation.PDF

Comments

  1. Autospin88 dan ElangGame - Situs game slot online terbesar, tercepat, terlengkap dan terfavorit.

    Ada banyak promosi yang sangat menarik dan merchandise keren yang hanya ada di Autospin88 dan ElangGame.

    Autospin88 pasti Autowin..
    ElangGame Slot Gacor

    Klik langsung di sini ya guys DAFTAR AUTOSPIN88

    Atau Klik DAFTAR ELANGGAME

    ReplyDelete

Post a Comment

Popular posts from this blog

C++ Memory Corruption (std::vector) - part 2

Pointer Compression in V8

Linux Kernel Stack Smashing