Dailydave mailing list archives

Re: gcc 4.1 security features

From: Angelo Dell'Aera <buffer () antifork org>
Date: Fri, 17 Feb 2006 11:15:16 +0100

On Fri, 17 Feb 2006 02:16:17 +0100
Joel Eriksson <je () bitnux com> wrote:

A more relevant fix was added to glibc-2.3.4 during late august 2004


The techniques described in the Phrack articles "Vudo Malloc Tricks" and
"Once Upon A free()" could be considered simply obsolete. Take a look at
this nice paper by Phantasmal Phantasmagoria

http://packetstormsecurity.org/papers/attack/MallocMaleficarum.txt

AFAIK these are the most effective techniques nowadays for exploiting
such vulnerabilities.

Regards,

-- 

Angelo Dell'Aera 'buffer' 
Antifork Research, Inc.         http://buffer.antifork.org
Metro Olografix

PGP information in e-mail header

Attachment: _bin
Description:

Current thread:

gcc 4.1 security features Matt (Feb 16)
- Re: gcc 4.1 security features Gadi Evron (Feb 16)
  - Re: gcc 4.1 security features Halvar Flake (Feb 16)
  - Re: gcc 4.1 security features Joel Eriksson (Feb 16)
    - Re: gcc 4.1 security features Hikaru Gosun (Feb 17)
    - Re: gcc 4.1 security features Angelo Dell'Aera (Feb 17)
    - RE: gcc 4.1 security features Dave Korn (Feb 18)
    - Re: gcc 4.1 security features Matt Conover (Feb 21)
- Re: gcc 4.1 security features Eduardo Tongson (Feb 17)
- <Possible follow-ups>
- Re: gcc 4.1 security features Phantasmal Phantasmagoria (Feb 21)