by Dan Rosenberg
In this paper, we will systematically evaluate the implementation of the Linux kernel SLOB allocator to assess exploitability. We will present new techniques for attacking the SLOB allocator, whose exploitation has not been publicly described. These techniques will apply to exploitation scenarios that become progressively more constrained, starting with an arbitrary-length, arbitrary-contents heap overflow and concluding with an off-by-one NULL byte overflow.
This paper can be downloaded below.
Editor’s note: This work was originally published by VSR on January 22, 2012 at https://www.vsecurity.com/download/publications/slob-exploitation.pdf. VSR is now a part of NCC Group, so we have migrated this content to research.nccgroup.com.