Benjamin Juang (ibneko) wrote,
Benjamin Juang
ibneko

Hacking: Dangling Pointers a security vulnerabliity?

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1265116,00.html?track=NL-102&ad=594850&asrc=EM_NLN_1844405&uid=608727

...
"The common thought is that this kind of problem isn't exploitable. But we looked at this and thought, wouldn't it be neat if we could implement our own code on this server?" said Danny Allan, research director at Watchfire, based in Waltham, Mass. "The problem before was, you had to override the exact location that the pointer was pointing to. It was considered impossible. But we discovered a way to do this with generic dangling pointers and run our own shell code."
...


So it'll work for languages that don't do any garbage collection automagically. So C/++... not Java, probably not Perl or PHP... Mmm...
Tags: hacking
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments