Results 1 to 4 of 4

Thread: Double free bugs details?

  1. May 28th, 2003, 10:37 PM #1
    ammo
    ammo is offline
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027

    Double free bugs details?

    Does anyone have an explanation as to how a double free bug becomes a security vulnerability? I mean, asside than "a double free is when you free() a pointer twice..."

    IE:
    How does free() behave when double freeing?
    What makes it possible to execute arbitrary code when exploiting a double free?


    Ammo
    Credit travels up, blame travels down -- The Boss
    Reply With Quote Reply With Quote
  2. May 29th, 2003, 12:52 AM #2
    bigb
    bigb is offline
    Member
    Join Date
    Mar 2003
    Posts
    50
    Gotcha a good article from Security Focus This is a published exploit.

    Also, CERT Lays down some good basics on the subject.
    Reply With Quote Reply With Quote
  3. May 29th, 2003, 01:13 AM #3
    ammo
    ammo is offline
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Thanks bigb!
    I had already found the cert article and found it relatively un-helpful but the security focus post is gold! Gotta admit this is some deep stuff! I can't start to think as to how these people figure out / think of such bugs and exploit!


    Ammo
    Credit travels up, blame travels down -- The Boss
    Reply With Quote Reply With Quote
  4. May 29th, 2003, 01:17 AM #4
    bigb
    bigb is offline
    Member
    Join Date
    Mar 2003
    Posts
    50
    Yeah, it's gotta take some serious dedication and time. A real hardcore type.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules