Double free bugs details?

  1. #1
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027

    Double free bugs details?

    Does anyone have an explanation as to how a double free bug becomes a security vulnerability? I mean, aside from "a double free is when you free() a pointer twice..."

    IE:
    How does free() behave when double freeing?
    What makes it possible to execute arbitrary code when exploiting a double free?


    Ammo
    Credit travels up, blame travels down -- The Boss

  2. #2
    Member
    Join Date
    Mar 2003
    Posts
    50
    Gotcha a good article from Security Focus. This is a published exploit.

    Also, CERT lays down some good basics on the subject.

  3. #3
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Thanks bigb!
    I had already found the CERT article and found it relatively unhelpful, but the Security Focus post is gold! Gotta admit this is some deep stuff! I can't start to think as to how these people figure out / think of such bugs and exploit!


    Ammo
    Credit travels up, blame travels down -- The Boss

  4. #4
    Member
    Join Date
    Mar 2003
    Posts
    50
    Yeah, it's gotta take some serious dedication and time. A real hardcore type.
