Nytro Posted November 19, 2011

Heap overflow exploit and understanding
Khalil Ezhani
Senator.of.Pirates @ gmail.com
http://www.facebook.com/SenatorofPirates

Not all buffers are allocated on the stack. Often an application doesn't know how big to make certain buffers until it is running. The heap is used by applications to dynamically allocate buffers of varying sizes. These buffers are susceptible to overflows if user-supplied data isn't checked, leading to a compromise through an attacker overwriting other values on the heap.

Where the details of stack overflow exploitation rely on the specifics of hardware architecture, heap overflows are reliant on the way certain operating systems and libraries manage heap memory. Here I restrict the discussion of heap overflows to a specific environment: a Linux system running on an Intel x86 platform, using the default GNU libc heap implementation (based on Doug Lea's dlmalloc). While this situation is specific, the techniques I discuss apply to other systems, including Solaris and Windows.

Heap overflows can result in compromises of both sensitive data (overwriting filenames and other variables on the heap) and logical program flow (through heap control structure and function pointer modification). I discuss the threat of compromising logical program flow here, along with a conceptual explanation and diagrams.

Download: http://www.exploit-db.com/download_pdf/18133
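The "sensitive data" case the abstract mentions, an unchecked copy into a heap buffer spilling into a filename stored next to it, is the easiest one to see in code. The example below is added here and is not code from the paper or the post; the `struct record` layout, the field names and the `set_name_*` helpers are constructed for illustration. It puts the deliberately vulnerable copy beside a hardened version that checks the length against the destination before writing anything.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One heap allocation holding two adjacent fields: a user-supplied name
 * followed by a filename the program later trusts. The layout is
 * constructed for this example; it is not code from the paper. */
struct record {
    char name[16];
    char filename[32];
};

struct record *record_new(const char *filename) {
    struct record *r = calloc(1, sizeof *r);
    if (r == NULL) return NULL;
    /* filename is program-controlled; the -1 keeps the terminator. */
    strncpy(r->filename, filename, sizeof r->filename - 1);
    return r;
}

/* VULNERABLE (deliberately): strcpy does not know that name holds 16 bytes.
 * Any input of 16 or more characters runs past name and lands in filename,
 * the "overwriting other values on the heap" case the text describes. */
void set_name_unchecked(struct record *r, const char *input) {
    strcpy(r->name, input);
}

/* HARDENED: the length is checked against the destination before any copy,
 * so the neighbouring field cannot be touched. Returns 0 on success and
 * -1 when the input is rejected (the caller decides how to report it). */
int set_name_checked(struct record *r, const char *input) {
    size_t len = strlen(input);
    if (len >= sizeof r->name) {
        return -1;                    /* reject rather than truncate silently */
    }
    memcpy(r->name, input, len + 1);  /* +1 copies the terminator */
    return 0;
}

int main(void) {
    /* Constructed input: 24 'A's, 8 more than name can hold. */
    const char *oversized = "AAAAAAAAAAAAAAAAAAAAAAAA";

    struct record *r = record_new("/tmp/app.log");
    set_name_unchecked(r, oversized);
    /* The 8 surplus bytes plus the terminator now sit in filename. */
    printf("unchecked: filename is now \"%s\"\n", r->filename);
    free(r);

    r = record_new("/tmp/app.log");
    if (set_name_checked(r, oversized) != 0) {
        printf("checked: input rejected, filename still \"%s\"\n", r->filename);
    }
    free(r);
    return 0;
}
```

The check uses `>=` rather than `>` because the terminator needs its own byte; a 15-character name fits, a 16-character one does not. Rejecting oversized input instead of truncating it is a deliberate choice: silent truncation hides the fact that something fed the program more than it was designed to hold, which is exactly the event worth logging.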