IBNeko's Journal-Nyo~!
Hacking: Dangling Pointers a security vulnerability?

"The common thought is that this kind of problem isn't exploitable. But we looked at this and thought, wouldn't it be neat if we could implement our own code on this server?" said Danny Allan, research director at Watchfire, based in Waltham, Mass. "The problem before was, you had to override the exact location that the pointer was pointing to. It was considered impossible. But we discovered a way to do this with generic dangling pointers and run our own shell code."

So it'll work for languages that don't do any garbage collection automagically. So C/++... not Java, probably not Perl or PHP... Mmm...


