Dailydave mailing list archives
Re: gcc 4.1 security features
From: Angelo Dell'Aera <buffer () antifork org>
Date: Fri, 17 Feb 2006 11:15:16 +0100
On Fri, 17 Feb 2006 02:16:17 +0100 Joel Eriksson <je () bitnux com> wrote:
A more relevant fix was added to glibc-2.3.4 during late august 2004
The techniques described in the Phrack articles "Vudo Malloc Tricks" and "Once Upon A free()" could be considered simply obsolete. Take a look at this nice paper by Phantasmal Phantasmagoria http://packetstormsecurity.org/papers/attack/MallocMaleficarum.txt AFAIK these are the most effective techniques nowadays for exploiting such vulnerabilities. Regards, -- Angelo Dell'Aera 'buffer' Antifork Research, Inc. http://buffer.antifork.org Metro Olografix PGP information in e-mail header
Attachment:
_bin
Description:
Current thread:
- gcc 4.1 security features Matt (Feb 16)
- Re: gcc 4.1 security features Gadi Evron (Feb 16)
- Re: gcc 4.1 security features Halvar Flake (Feb 16)
- Re: gcc 4.1 security features Joel Eriksson (Feb 16)
- Re: gcc 4.1 security features Hikaru Gosun (Feb 17)
- Re: gcc 4.1 security features Angelo Dell'Aera (Feb 17)
- RE: gcc 4.1 security features Dave Korn (Feb 18)
- Re: gcc 4.1 security features Matt Conover (Feb 21)
- Re: gcc 4.1 security features Gadi Evron (Feb 16)
- Re: gcc 4.1 security features Eduardo Tongson (Feb 17)
- <Possible follow-ups>
- Re: gcc 4.1 security features Phantasmal Phantasmagoria (Feb 21)