[Security] Matasano C++ code review challenge

aestetix aestetix aestetix at gmail.com
Fri Oct 16 23:12:07 UTC 2009


Matasano posted an update, including a link to a walkthrough solution to
this challenge:

http://timetobleed.com/defeating-the-matasano-c-challenge-with-aslr-enabled/

On Tue, Oct 13, 2009 at 11:28 AM, aestetix aestetix <aestetix at gmail.com>wrote:

> http://chargen.matasano.com/chargen/2009/10/9/a-c-challenge.html
>
> From their blog post:
>
> "C++ lends itself to much more complex<http://em386.blogspot.com/2009/06/fun-with-erase.html>
> vulnerabilities<http://taossa.com/index.php/2007/01/03/attacking-delete-and-delete-in-c/>then plain old C. From templates to string classes, C++ raises the skill
> level required to play the memory corruption game. And while the quality of
> C/C++ code we see has increased dramatically over the years, a lot of
> developers still don’t understand the more obscure C++ bug classes. I
> recently found a vulnerable C++ code pattern that I wanted to share with our
> readers. But instead of just writing some boring technical blog post,
> Matasano would like to present a C++ audit challenge to our audience. It
> consists of a contrived vulnerability that follows the same vulnerable code
> pattern. "
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.noisebridge.net/pipermail/security/attachments/20091016/772f1903/attachment-0003.html>


More information about the Security mailing list