
Questions tagged [glibc]

The GNU C Library (glibc) is the GNU Project's implementation of the C standard library.

1 vote
0 answers
47 views

I'm trying to understand how, in glibc 2.3.5, the arena_get function (called by public_mALLOc) will return the arena_key in the House of Prime exploit, where the arena_key is first overridden to the value of ...
danielsa5
1 vote
0 answers
65 views

We use a Python web framework and the gunicorn library on top of Docker to power a web application with a frontend in a private cloud that can be accessed by a private network. Our security tools report ...
Brogrammer
12 votes
2 answers
4k views

The Linux dynamic linker includes a mechanism of dynamically loading arbitrary code into every process using the LD_PRELOAD environment variable and the /etc/ld.so/preload file. This sounds dangerous ...
Egor Sozonov
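For the LD_PRELOAD question above, an added example (editor's code, not from the post and not glibc's own): it splits a preload list using the separator rules ld.so(8) documents (LD_PRELOAD entries are separated by colons or spaces; /etc/ld.so.preload, the file the post refers to, is whitespace-separated) and flags the entries a hardening or monitoring check would reject. The trusted-directory list, the verdict names and the sample lists are assumptions. One caveat a practitioner wants here: in secure-execution mode (set-user-ID binaries) the loader ignores LD_PRELOAD entries containing a slash and preloads bare names only from the standard directories, so on such binaries /etc/ld.so.preload is the more relevant place to watch.

```c
/* Added example, not from the question or from glibc: split an
 * LD_PRELOAD-style list and flag entries a hardening check would reject.
 * Separator rules follow ld.so(8): LD_PRELOAD items are separated by
 * colons or spaces, /etc/ld.so.preload is whitespace-separated.  The
 * trusted-directory list and the sample input below are assumptions. */
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 32
#define MAX_LEN 256

/* Directories assumed to be package-managed and root-owned. */
static const char *const trusted_dirs[] = {
    "/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/", NULL
};

enum verdict {
    PRELOAD_TRUSTED = 0,        /* absolute path under a trusted directory */
    PRELOAD_BARE_NAME = 1,      /* no slash: resolved through the search path */
    PRELOAD_UNTRUSTED_PATH = 2  /* path outside the trusted directories */
};

static int is_sep(char c, int colon_is_sep)
{
    return c == ' ' || c == '\t' || c == '\n' || (colon_is_sep && c == ':');
}

/* Split `list` into entries; colon_is_sep=1 for LD_PRELOAD, 0 for the
 * ld.so.preload file.  Returns the number of entries written to `out`. */
int split_preload_list(const char *list, int colon_is_sep,
                       char out[][MAX_LEN], int max)
{
    int n = 0;
    const char *p = list;
    while (*p && n < max) {
        while (*p && is_sep(*p, colon_is_sep))
            p++;
        if (!*p)
            break;
        const char *start = p;
        while (*p && !is_sep(*p, colon_is_sep))
            p++;
        size_t len = (size_t)(p - start);
        if (len >= MAX_LEN)
            len = MAX_LEN - 1;
        memcpy(out[n], start, len);
        out[n][len] = '\0';
        n++;
    }
    return n;
}

/* Classify one entry.  A bare name is resolved by the loader's search
 * path, so its origin cannot be judged from the string alone; an absolute
 * path outside the trusted directories (or one that escapes them with
 * "/../") is what an attacker with a writable directory would use. */
enum verdict classify_preload_entry(const char *entry)
{
    if (strchr(entry, '/') == NULL)
        return PRELOAD_BARE_NAME;
    if (strstr(entry, "/../") != NULL)
        return PRELOAD_UNTRUSTED_PATH;
    for (int i = 0; trusted_dirs[i]; i++)
        if (strncmp(entry, trusted_dirs[i], strlen(trusted_dirs[i])) == 0)
            return PRELOAD_TRUSTED;
    return PRELOAD_UNTRUSTED_PATH;
}

/* Run the check over a whole list, printing each finding.
 * Returns the number of entries that are not PRELOAD_TRUSTED. */
int audit_preload_list(const char *list, int colon_is_sep)
{
    char entries[MAX_ENTRIES][MAX_LEN];
    int n = split_preload_list(list, colon_is_sep, entries, MAX_ENTRIES);
    int findings = 0;
    for (int i = 0; i < n; i++) {
        enum verdict v = classify_preload_entry(entries[i]);
        if (v != PRELOAD_TRUSTED) {
            printf("%s: %s\n", entries[i],
                   v == PRELOAD_BARE_NAME ? "bare name, resolved via search path"
                                          : "outside trusted directories");
            findings++;
        }
    }
    return findings;
}

int main(void)
{
    /* Constructed sample input, not any real system's configuration. */
    const char *env = "/usr/lib/x86_64-linux-gnu/libfoo.so.1:/tmp/.x/libhook.so libbar.so";
    const char *file = "/lib/x86_64-linux-gnu/libgood.so.0\n/dev/shm/libbad.so\n";
    printf("LD_PRELOAD findings: %d\n", audit_preload_list(env, 1));
    printf("ld.so.preload findings: %d\n", audit_preload_list(file, 0));
    return 0;
}
```

Build with `cc -Wall -o preload_audit preload_audit.c`. In a real check you would feed `getenv("LD_PRELOAD")` and the contents of /etc/ld.so.preload into audit_preload_list and, for paths that pass the directory test, additionally verify ownership and that the file is not group- or world-writable.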
0 votes
0 answers
250 views

I am trying to do a return-to-libc exploit. The goal is to gain a shell with root privilege by calling setuid(0) and then system("/bin/sh"). I have been agonizing over trying to get this thing ...
germphjd
2 votes
1 answer
330 views

This is with reference to Max Kamper's video on GLIBC heap exploitation and these articles I read https://www.crow.rip/crows-nest/binexp/heap/house-of-force-i https://www.crow.rip/crows-nest/binexp/...
localacct
2 votes
2 answers
413 views

I stumbled across a vulnerability considered a critical security risk (CVE-2023-25139) in one of the container images I build. Debian's security tracker states it's fixed: https://security-tracker.debian....
Roman Grazhdan
0 votes
0 answers
186 views

Let's assume we have this simple program: void main() { int x; printf("%p", &x); } Assuming the stack is mapped something like this: 0x007ffffffdd000 0x007ffffffff000 ...
milck
0 votes
1 answer
168 views

According to docs: To hash a new passphrase for storage, set salt to a string consisting of [a prefix plus] a sequence of randomly chosen characters ... and In all cases, the random characters ...
Anthony
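For the crypt(3) salt question above, an added example (editor's code, not from the post and not glibc's own) that does what the quoted documentation asks: it draws the salt characters from OS randomness, maps them onto the "./0-9A-Za-z" alphabet crypt accepts, prepends the "$6$" (SHA-512 crypt) prefix, and validates a setting string before it is used to hash a new passphrase. The 16-character salt is the maximum SHA-crypt uses; the validation rules, the buffer sizes and the use of /dev/urandom rather than getrandom(2) are this example's choices. crypt() itself is not called, to keep the file self-contained; pass the returned string as the setting argument to crypt() or crypt_r().

```c
/* Added example, not from the question or from glibc: build a salt for
 * crypt(3) from OS randomness and validate a setting string before use.
 * The alphabet "./0-9A-Za-z" is the one crypt(3) documents; "$6$" is the
 * SHA-512 crypt prefix.  Salt length, validation rules and buffer sizes
 * are this example's assumptions. */
#include <stdio.h>
#include <string.h>

/* The 64 characters crypt(3) accepts in a salt, in the order used to
 * encode 6-bit values. */
static const char salt_alphabet[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Map n random bytes to n alphabet characters using the low 6 bits of
 * each byte.  Because 64 divides 256 the mapping introduces no bias. */
void encode_salt_bytes(const unsigned char *bytes, size_t n, char *out)
{
    for (size_t i = 0; i < n; i++)
        out[i] = salt_alphabet[bytes[i] & 0x3f];
    out[n] = '\0';
}

/* Write prefix followed by salt_len random alphabet characters into out.
 * Returns 0 on success, -1 if out is too small or randomness is
 * unavailable (never fall back to a weak source in that case). */
int make_crypt_salt(const char *prefix, size_t salt_len, char *out, size_t outlen)
{
    unsigned char raw[64];
    if (salt_len > sizeof raw || strlen(prefix) + salt_len + 1 > outlen)
        return -1;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t got = fread(raw, 1, salt_len, f);
    fclose(f);
    if (got != salt_len)
        return -1;
    strcpy(out, prefix);
    encode_salt_bytes(raw, salt_len, out + strlen(prefix));
    return 0;
}

/* Accept "$6$" followed by min_len..16 alphabet characters, optionally
 * closed by a '$'.  Rejects the mistakes seen in practice: a missing or
 * too-short salt, characters outside the alphabet, a different prefix,
 * and a stored hash ("$6$salt$hash") passed where a fresh setting for a
 * new passphrase was expected. */
int salt_is_valid(const char *salt, size_t min_len)
{
    const char *prefix = "$6$";
    size_t plen = strlen(prefix);
    if (strncmp(salt, prefix, plen) != 0)
        return 0;
    const char *p = salt + plen;
    size_t n = 0;
    while (p[n] && p[n] != '$') {
        if (strchr(salt_alphabet, p[n]) == NULL)
            return 0;
        n++;
    }
    if (p[n] == '$' && p[n + 1] != '\0')
        return 0;   /* trailing field: this is a hash, not a salt */
    return n >= min_len && n <= 16;
}

int main(void)
{
    char setting[32];
    if (make_crypt_salt("$6$", 16, setting, sizeof setting) != 0) {
        fprintf(stderr, "no randomness available\n");
        return 1;
    }
    printf("setting string: %s (valid: %d)\n", setting, salt_is_valid(setting, 16));
    return 0;
}
```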
2 votes
1 answer
3k views

I'm currently studying binary heap exploitation (mainly the glibc (ptmalloc2) implementation), for CTF competitions. The problem I'm facing is debugging challenges designed for a certain glibc version....
Z. Alessandro
1 vote
0 answers
997 views

I am working on my school thesis. I am trying to inject some shellcode into a shared library using the Dirty Cow vulnerability on Android x86. My shellcode is written in assembly and only calls ...
Topper Harley
9 votes
1 answer
1k views

I found this interesting post on jop, and since I was not familiar with the concept I decided to play with it. I managed to call arbitrary functions defined in my binary with or without arguments, but ...
dearn44
4 votes
1 answer
889 views

I'm studying the Return-to-libc Attack and I understand the concept. But one thing still does not make sense. In order to make the attack I need the memory address of system() and "/bin/sh", which is ...
Spring
6 votes
2 answers
47k views

So I tried performing a return-to-libc according to https://sploitfun.wordpress.com/2015/05/08/bypassing-nx-bit-using-return-to-libc/ . I found libc's address by using "ldd vuln", and found system's ...
Jonathan
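The three return-to-libc questions above (the setuid(0)/system("/bin/sh") one, the one asking where the addresses of system() and "/bin/sh" come from, and the one that located libc with ldd) all need the same two facts, so here is one added example for all of them (editor's code, not from any of the posts) that obtains those facts from inside a running process on Linux: it parses /proc/self/maps to find the libc mapping, searches that mapping for the "/bin/sh" string, and reports the string and system() as offsets from the libc base. Offsets are what matter once ASLR is on: an address read from ldd or a debugger is valid for that one run only unless randomization is disabled, whereas base-relative offsets are stable for a given libc build and can be added to a leaked base. The file-name matching ("libc.", "libc-", "musl") and the constructed maps line in the test are assumptions.

```c
/* Added example, not from any of the questions: locate this process's
 * libc mapping from /proc/self/maps, find "/bin/sh" inside it and report
 * base-relative offsets.  Linux-specific.  The libc file-name matching
 * is an assumption; adjust it for other C libraries. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct mapping {
    unsigned long start, end;
    char perms[5];
    char path[256];
};

/* Parse one /proc/self/maps line.  Returns 1 on success, 0 otherwise.
 * Anonymous mappings have no path field and leave path empty. */
int parse_maps_line(const char *line, struct mapping *m)
{
    unsigned long offset, inode;
    char dev[16];
    m->path[0] = '\0';
    int n = sscanf(line, "%lx-%lx %4s %lx %15s %lu %255s",
                   &m->start, &m->end, m->perms, &offset, dev, &inode, m->path);
    return n >= 6;
}

/* Plain byte search; avoids depending on the GNU memmem extension. */
static const char *find_bytes(const unsigned char *hay, size_t n,
                              const char *needle, size_t m)
{
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0)
            return (const char *)(hay + i);
    return NULL;
}

static int looks_like_libc(const char *path)
{
    /* Assumption: glibc is named libc.so.6 or libc-<ver>.so, musl's
     * loader/libc file name contains "musl". */
    return strstr(path, "libc.") || strstr(path, "libc-") || strstr(path, "musl");
}

/* Find the libc address range [lo, hi) and a NUL-terminated "/bin/sh"
 * inside one of its readable mappings.  Returns 0 on success, -1 if libc
 * or the string could not be found. */
int scan_libc(unsigned long *lo, unsigned long *hi, const char **binsh)
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    char line[512];
    struct mapping m;
    *lo = 0; *hi = 0; *binsh = NULL;
    while (fgets(line, sizeof line, f)) {
        if (!parse_maps_line(line, &m) || !looks_like_libc(m.path))
            continue;
        if (*lo == 0 || m.start < *lo) *lo = m.start;
        if (m.end > *hi) *hi = m.end;
        if (*binsh == NULL && m.perms[0] == 'r') {
            const char *p = find_bytes((const unsigned char *)m.start,
                                       m.end - m.start, "/bin/sh", 8);
            if (p) *binsh = p;
        }
    }
    fclose(f);
    return (*lo && *binsh) ? 0 : -1;
}

int main(void)
{
    unsigned long lo, hi;
    const char *binsh;
    if (scan_libc(&lo, &hi, &binsh) != 0) {
        fprintf(stderr, "could not locate libc or \"/bin/sh\" via /proc/self/maps\n");
        return 1;
    }
    unsigned long sys = (unsigned long)system;
    printf("libc mapped at %#lx-%#lx\n", lo, hi);
    printf("\"/bin/sh\"      %#lx  (offset %#lx)\n", (unsigned long)binsh, (unsigned long)binsh - lo);
    /* In a PIE binary &system is libc's real entry point; in a non-PIE
     * binary it may be the PLT stub, which the range check exposes. */
    if (sys >= lo && sys < hi)
        printf("system()       %#lx  (offset %#lx)\n", sys, sys - lo);
    else
        printf("system()       %#lx is outside libc (PLT stub?); read it from libc's symbol table instead\n", sys);
    return 0;
}
```

Run it twice with `cc -Wall -o libc_offsets libc_offsets.c && ./libc_offsets && ./libc_offsets`: the absolute addresses change between runs under ASLR while the two offsets do not, which is exactly why a payload is written against offsets plus a leaked base.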
1 vote
1 answer
777 views

I'm exercising with ROP. In a vulnerable program I control RIP; using "ropeme" to search for gadgets, I find many references to 32-bit registers, but not a single extended register. I need a ...
Yvain
5 votes
1 answer
7k views

I was reading this article by the InfoSec Institute: http://resources.infosecinstitute.com/an-introduction-to-returned-oriented-programming-linux/#gref and was able to follow along until he did the ...
alloy
