In late 2001, "Vudo Malloc Tricks" and "Once Upon A free()" defined the exploitation of overflowed dynamic memory chunks on Linux. In late 2004, a series of patches to GNU libc malloc implemented over a dozen mandatory integrity assertions, effectively rendering the existing techniques obsolete. The Malloc Maleficarum discusses the next generation of possible glibc malloc exploitation techniques.
6fd158952a4729defcf005345c61b2ff4749754a2ca9498169830f450fd5e14bWhite paper discussing ways to evade detection of polymorphic shellcode.
c51038375bba89296e3a5ecd7c323517a48352d78973a8c34851e6720c2189f0ProFTPD versions below 1.2.9rc3 are susceptible to a couple off-by-one overflows. One was introduced after the patch was written to address the flaws listed here.
3f4cda1fa89c843e8b48e9db2c38b1267c17f66732fe1a08256f7ad41f9a03d4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed