Benjamin Juang (ibneko) wrote,

Hacking: Dangling Pointers a security vulnerability?

"The common thought is that this kind of problem isn't exploitable. But we looked at this and thought, wouldn't it be neat if we could implement our own code on this server?" said Danny Allan, research director at Watchfire, based in Waltham, Mass. "The problem before was, you had to override the exact location that the pointer was pointing to. It was considered impossible. But we discovered a way to do this with generic dangling pointers and run our own shell code."

So it'll work for languages that don't do any garbage collection automagically. So C/++... not Java, probably not Perl or PHP... Mmm...
Tags: hacking
