Conference item
Gollum: modular and greybox exploit generation for heap overflows in interpreters
- Abstract:
- We present the first approach to automatic exploit generation for heap overflows in interpreters. It is also the first approach to exploit generation in any class of program that integrates a solution for automatic heap layout manipulation. At the core of the approach is a novel method for discovering exploit primitives—inputs to the target program that result in a sensitive operation, such as a function call or a memory write, utilizing attacker-injected data. To produce an exploit primitive from a heap overflow vulnerability, one has to discover a target data structure to corrupt, ensure an instance of that data structure is adjacent to the source of the overflow on the heap, and ensure that the post-overflow corrupted data is used in a manner desired by the attacker. Our system addresses all three tasks in an automatic, greybox, and modular manner. Our implementation is called GOLLUM, and we demonstrate its capabilities by producing exploits from 10 unique vulnerabilities in the PHP and Python interpreters, 5 of which do not have existing public exploits.
- Publication status:
- Published
- Peer review status:
- Peer reviewed
Actions
Access Document
- Files:
-
-
(Preview, Accepted manuscript, pdf, 1.1MB, Terms of use)
-
- Publisher copy:
- 10.1145/3319535.3354224
Authors
- Publisher:
- ACM Digital Library
- Host title:
- Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
- Journal:
- Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security More from this journal
- Pages:
- 1689-1706
- Publication date:
- 2019-11-06
- Acceptance date:
- 2019-07-31
- DOI:
- ISBN:
- 9781450367479
- Keywords:
- Pubs id:
-
pubs:1039998
- UUID:
-
uuid:2df77994-1bcf-4ae8-85a1-5619191fe829
- Local pid:
-
pubs:1039998
- Source identifiers:
-
1039998
- Deposit date:
-
2019-08-08
- ARK identifier:
Terms of use
- Copyright holder:
- Heelan, S et al
- Copyright date:
- 2019
- Notes:
- © 2019 Copyright held by the owner/author(s). This is a conference paper presented at the 26th ACM Conference on Computer and Communications Security, November 11-15, 2019, London, UK. This is an author version of the article. The final version is available online from the publisher's website
If you are the owner of this record, you can report an update to it here: Report update to this record