Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 29 Apr 2013 02:12:17 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Yet more crashes

On 28 Apr, 2013, at 18:46 , Alexander Cherepanov <cherepan@...me.ru> wrote:
> I made my "fuzzer" a bit more aggressive and found some more crashes. Posting new and remaining old problems combined.
> 
> The following formats crashes now:
> dmg
> dynamic_21
> episerver
> gpg
> mongodb
> mschapv2
> netntlmv2

I'll look into mschapv2 and ntlmv2 now.

> pdf
> pkzip
> putty
> rar

I am not going to fix RAR. It is supposed to read input files created by rar2john and it does a bunch of sanity checks. The input format is so complex it would be nearly impossible to become immune against a hacked up input line.

> salted-sha1

Fixed (nsldap and ssha-opencl also got fixes). These three really should be safe with any improper input now.

magnum


> sunmd5
> sxc
> wbb3
> 
> Plus undrop, plus some formats print garbage.



Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ