Vulnerability Development mailing list archives
Re: heap overflows
From: Steven Hill <steve () covertsystems org>
Date: Fri, 27 Feb 2004 14:30:42 +1100 (EST)
On 26 Feb 2004 sigsegv () ureach com wrote:

> Hi everyone,
> some questions about heap overflows:
> a. on examining the memory I find that the 'size' field is one byte more than the total length of the memory chunk. why is this so?
> b. my exploit does not work? am I doing something wrong??
>
> Environment:
> Linux 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 i686 i386 GNU/Linux
> gcc version 3.2.2 20030222 (Red Hat Linux 3.2.2-5)
> glibc-2.3.2-11.9
>
> thanks a zillion

Hey,...

Have a look at the attached vulnerable program and exploit code. It is very similar to what you are trying to achieve with regards to heap overflows... in particular a double free() vulnerability...

I have also included a command line exploit sequence...

Regards,
SolarIce

--
---=[ Covert Systems Research ]=-----------------------------//
= www.covertsystems.org -
= Exploit Research & Development -
= Specializing in Linux & UNIX Systems -
--------------------------------------------=[ SolarIce ]=---//
--The more one reads & learns, the less the other person knows.
Attachment: bof-basics-3.txt
Attachment: exploit-3-1.c
Attachment: vuln-3.c
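Question (a) in the quoted message concerns the chunk 'size' field. The C below is an added example, not part of the original post or its attachments; it decodes that field as glibc's ptmalloc2 lays it out on 32-bit x86, where the low bit is the PREV_INUSE flag and so makes the stored value read one higher than the chunk length. The helper names and sample requests are constructed for illustration.

```c
/* Added example: glibc 2.3-era (ptmalloc2) chunk size field, 32-bit x86 layout. */
#include <stdio.h>
#include <stdint.h>

#define SIZE_SZ        4u    /* sizeof(size_t) on i386 (assumed target) */
#define MALLOC_ALIGN   8u    /* chunk lengths are multiples of 8 bytes */
#define MINSIZE        16u   /* smallest possible chunk */
#define PREV_INUSE     0x1u  /* previous chunk is allocated */
#define IS_MMAPPED     0x2u  /* chunk came from mmap() */
#define NON_MAIN_ARENA 0x4u  /* chunk belongs to a thread arena */
#define SIZE_BITS      (PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA)

struct chunk_info { uint32_t size; int prev_inuse, is_mmapped, non_main_arena; };

/* Chunk length chosen for malloc(req): add the header word, round up to 8. */
uint32_t request2size(uint32_t req)
{
    uint32_t need = req + SIZE_SZ;
    return need < MINSIZE ? MINSIZE
                          : ((need + MALLOC_ALIGN - 1) & ~(MALLOC_ALIGN - 1));
}

/* Raw value written to the header: the length with the flag bit OR-ed in. */
uint32_t stored_size_field(uint32_t req, int prev_allocated)
{
    return request2size(req) | (prev_allocated ? PREV_INUSE : 0u);
}

/* Split a raw header value into the real length and the three flags. */
struct chunk_info decode_size_field(uint32_t raw)
{
    struct chunk_info c;
    c.size           = raw & ~SIZE_BITS;
    c.prev_inuse     = (raw & PREV_INUSE) != 0;
    c.is_mmapped     = (raw & IS_MMAPPED) != 0;
    c.non_main_arena = (raw & NON_MAIN_ARENA) != 0;
    return c;
}

int main(void)
{
    uint32_t reqs[] = { 12, 100, 256 };   /* constructed sample requests */
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        uint32_t raw = stored_size_field(reqs[i], 1);
        struct chunk_info c = decode_size_field(raw);
        printf("malloc(%u): raw size field 0x%x -> length %u, PREV_INUSE=%d\n",
               reqs[i], raw, c.size, c.prev_inuse);
    }
    return 0;
}
```

When reading a heap dump, mask the size field with ~0x7 before treating it as a length.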