Vulnerability Development mailing list archives

Re: partial analysis of vulndev-1.c


From: "Dana Epp" <dana () vulscan com>
Date: Tue, 13 May 2003 15:29:02 -0700

----- Original Message ----- 
From: "David R. Piegdon" <fleshyCPU () gmx net>
[...]

Now the question: can we use this buffer overflow?
Actually, in this case not, because the allocation of the buffer is done
with malloc. On Linux at least :) malloc does not use the stack but
uses the HEAP.

Just because Linux may allocate the memory on the heap doesn't mean it can't
be overflowed. This is a common misconception that bites a lot of us.
(Chances are you already know this.)

You could muck with it and trick the free into overwriting arbitrary memory
locations with exploit data.  There is a pretty good paper on this over at:
http://www.w00w00.org/files/articles/heaptut.txt. Although heap overflows
are much harder to predict and architect, they are still quite possible. I
wouldn't count on the fact that Linux uses the heap as a saving grace against an
attack like this.

---
Regards,
Dana M. Epp


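The point Dana makes above, shown in code as an added example (not part of the original thread, and not the exploit from the w00w00 paper): two chunks carved back to back from a toy arena that mimics the [size header][user data] layout of dlmalloc-style heaps, an unbounded strcpy-style copy into the first chunk, and the resulting corruption of the second chunk's size header and data. The arena, the chunk sizes, the "neighbour" contents and the attacker string are all constructed for the demo; the toy allocator is a model, not glibc. Modern glibc adds integrity checks around unlink, so the free()-based trick in that paper takes more work today, but the underlying fact the example shows, that a heap overflow writes straight into the next chunk's metadata, has not changed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy arena standing in for the real allocator: chunks are laid out as
 * [size header][user bytes], back to back, like dlmalloc/glibc chunks.
 * Constructed for this example; it is a model, not glibc. */
#define ARENA_SIZE 256
#define HDR_SIZE   (sizeof(size_t))
#define CHUNK      16          /* user size of both chunks in the scenario */

struct toy_heap {
    unsigned char arena[ARENA_SIZE];
    size_t top;                /* bump pointer: next free byte */
};

static void toy_init(struct toy_heap *h)
{
    memset(h->arena, 0, ARENA_SIZE);
    h->top = 0;
}

/* Carve [size header][n bytes] off the arena; return the user pointer. */
static void *toy_malloc(struct toy_heap *h, size_t n)
{
    unsigned char *chunk;
    if (h->top + HDR_SIZE + n > ARENA_SIZE)
        return NULL;
    chunk = h->arena + h->top;
    memcpy(chunk, &n, HDR_SIZE);          /* the field free() would trust */
    h->top += HDR_SIZE + n;
    return chunk + HDR_SIZE;
}

/* Read the size header that sits just before a user pointer. */
static size_t toy_chunk_size(const void *user)
{
    size_t n;
    memcpy(&n, (const unsigned char *)user - HDR_SIZE, HDR_SIZE);
    return n;
}

/* The vulnerable idiom: strcpy-style copy that stops at NUL, not at dst's end. */
static void copy_unbounded(char *dst, const char *src)
{
    while ((*dst++ = *src++) != '\0')
        ;
}

/* The fix: never write past dstlen, always NUL-terminate, report truncation. */
static int copy_bounded(char *dst, size_t dstlen, const char *src)
{
    size_t n = strlen(src);
    if (dstlen == 0)
        return -1;
    if (n >= dstlen) {
        memcpy(dst, src, dstlen - 1);
        dst[dstlen - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Constructed attacker input: CHUNK bytes fill A, the next HDR_SIZE bytes
 * ('B') land on chunk B's size header, then "pwned" lands in B's data. */
static void build_attack_input(char *buf)
{
    size_t i = 0;
    for (; i < CHUNK; i++)
        buf[i] = 'A';
    for (; i < CHUNK + HDR_SIZE; i++)
        buf[i] = 'B';
    strcpy(buf + i, "pwned");
}

/* Allocate A and B back to back, copy the input into A, return B's header.
 * b_copy receives B's user bytes so the caller can inspect them. */
static size_t scenario(int bounded, char b_copy[CHUNK])
{
    struct toy_heap h;
    char input[64];
    char *a, *b;

    toy_init(&h);
    build_attack_input(input);
    a = toy_malloc(&h, CHUNK);
    b = toy_malloc(&h, CHUNK);
    memcpy(b, "neighbour", 10);
    if (bounded)
        copy_bounded(a, CHUNK, input);
    else
        copy_unbounded(a, input);
    memcpy(b_copy, b, CHUNK);
    return toy_chunk_size(b);
}

static size_t neighbour_header_after(int bounded)
{
    char tmp[CHUNK];
    return scenario(bounded, tmp);
}

static int neighbour_data_intact_after(int bounded)
{
    char tmp[CHUNK];
    scenario(bounded, tmp);
    return strcmp(tmp, "neighbour") == 0;
}

int main(void)
{
    printf("unbounded copy: B header=%#zx, data intact=%d\n",
           neighbour_header_after(0), neighbour_data_intact_after(0));
    printf("bounded copy:   B header=%#zx, data intact=%d\n",
           neighbour_header_after(1), neighbour_data_intact_after(1));
    return 0;
}
```

With the unbounded copy, B's size header reads as 0x4242...42 (all 'B' bytes) and its data now starts with "pwned"; a real free(b) would act on that attacker-chosen size, which is the handle the paper Dana cites turns into an arbitrary write. With the bounded copy the header stays 16 and B is untouched.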