Date: Wed, 1 Jan 2014 22:14:09 +0100
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Some bleeding-jumbo formats with SEGV and ABRT

On 12/28/2013 10:07 PM, Frank Dittrich wrote:
> I used Alexander's fuzzing scripts.
> Django, netlmv2, openssl-enc and rar formats failed with SEGV.
> LUKS format failed with ABRT.

The netlmv2 is not reproducible with linux-x86-native, all the others are.

The rar crash only occurs when cracking has started (i.e., not with
--wordlist=<empty_file>).
All the other crashes are reproducible even with an empty word list.


Here's another hash which causes a crash in openssl-enc.
It is much shorter than the one I included in my previous mail:

$openssl$0$0$8$305cedc2a0521011$bf11609a01e78ec3f50f0cc483e636f9$1$1$


Further testing also revealed another bug:
The attached file fail_clipperz causes a failing self test, reproducible
with linux-x86-native and linux-x86-64-native:

(bleeding-jumbo)run $ ./john fail_clipperz
Loaded 2 password hashes with 2 different salts (Clipperz, SRP [SHA256
32/32 oSSL-exp])
Self test failed (get_hash[0](0))

./john --test works for --format=clipperz.

But each of the two lines in fail_clipperz causes the self test to fail.
I guess valid() needs to be enhanced to avoid loading these hashes.

Frank

View attachment "fail_clipperz" of type "text/plain" (326 bytes)
