Subject: Re: Exploiting overflow of heap-based buffers
From: Crispin Cowan (crispinwirex.com)
Date: Wed May 24 2000 - 12:03:28 CDT


Dave Wreski wrote:

> > Are there any documented cases of exploits of overflows on the heap
> > (e.g. overflow of malloc()'d buffer?)
> >
> > Has anyone played with this much? It's an interesting topic....
>
> There's a lengthy article on heap overflows available at:
>
> http://www.w00w00.org/files/articles/heaptut.txt

This article was posted to Bugtraq, and I posted a detailed response
http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-01-22&msg=36B02451.A9C1E522cse.ogi.edu

In the fall of 1999, I wrote a paper that analyzes buffer overflows in
general, especially with regard to the location of the buffer being
overflowed. It was published at the DARPA Information Survivability
Conference and Expo (DISCEX http://schafercorp-ballston.com/discex )
and also presented at SANS 2000 (
http://www.sans.org/newlook/events/sans2000.htm ). You can get the
paper here http://immunix.org/StackGuard/discex00.pdf

Crispin
-----
Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org
                  JOBS! http://immunix.org/jobs.html