|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: jf (jf
danglingpointers.net)
Date: Wed Jul 25 2007 - 19:51:22 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Didnt halvar already talk about unitialized automatic/local variables? and
how is a use-after-free condition any different than a double free (other than you
get to skip the second free)?
On Wed, 25 Jul 2007, Thomas Ptacek wrote:
> Date: Wed, 25 Jul 2007 12:02:32 -0500
> From: Thomas Ptacek <tqbfmatasano.com>
> To: jf <jfdanglingpointers.net>
> Cc: ergosumneurosecurity.com, dailydavelists.immunitysec.com
> Subject: Re: [Dailydave] Dangling pointers exploitation
>
> Unitialized automatic variables and use-after-free variables seem
> of-a-kind: you have a pointer who's value seems unpredictable but is
> in fact strongly influenced by the execution environment which is in
> turn often influenced by inputs and timing.
>
> On 7/25/07, jf <jfdanglingpointers.net> wrote:
> > > Let me just qualify that I was talking about the whole class of
> > > wild-pointer bugs.
> >
> > how would it be any different than
> > ptr+overflowed_offset/array[negative_index]/et cetera bugs?
> >
> > perhaps the guys found a new way of reliably exploiting a very specific
> > form of dangling pointer bugs, but i dont see how it could possibly
> > qualify as being a new class of vulns, nor can i think of anyone who has
> > ever said a dangling pointer was a QA issue and not a security issue
> >
>
>
>
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]