Date: Tue, 26 May 2015 14:54:59 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Fuzzing Report on wordlist, rules, chr

Hi Alexander,

Several bugs have been found with JtR 1.7.  I want to describe each
bug in an email to make it clear.

First bug with JtR 1.7
-----------------------------

1. Build with ASan

2. Crack LM format

$ cat lm_fmt
kai:$LM$cbc501a4d2227738

$ ../john  lm_fmt
Loaded 1 password hash (NT LM DES [64/64 BS])
==11682==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000004d6fc0 at pc 0x417b2f bp 0x7ffe35252860 sp 0x7ffe35252858
READ of size 4 at 0x0000004d6fc0 thread T0
    #0 0x417b2e in DES_bs_set_key_LM /home/zhaokai/WorkSpace/open_wall/john-1.7_asan/src/DES_bs.c:264
    #1 0x4716da in fmt_self_test /home/zhaokai/WorkSpace/open_wall/john-1.7_asan/src/formats.c:71
    #2 0x46ca04 in crk_init /home/zhaokai/WorkSpace/open_wall/john-1.7_asan/src/cracker.c:58
    #3 0x4af18f in single_init /home/zhaokai/WorkSpace/open_wall/john-1.7_asan/src/single.c:123
    #4 0x4af18f in do_single_crack /home/zhaokai/WorkSpace/open_wall/john-1.7_asan/src/single.c:372
    #5 0x448044 in do_single_pass /home/zhaokai/WorkSpace/open_wall/john-1.7_asan/src/batch.c:19
    #6 0x448044 in do_batch_crack /home/zhaokai/WorkSpace/open_wall/john-1.7_asan/src/batch.c:44
    #7 0x4056dd in john_run /home/zhaokai/WorkSpace/open_wall/john-1.7_asan/src/john.c:286
    #8 0x4056dd in main /home/zhaokai/WorkSpace/open_wall/john-1.7_asan/src/john.c:345
    #9 0x7fd045ca5ec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #10 0x4064f5 (/home/zhaokai/WorkSpace/open_wall/john-1.7_asan/run/john+0x4064f5)

The bug is in DES_bs.c::DES_bs_set_key_LM(), and it has now been
fixed in JtR 1.8.0.


Thanks,

Kai
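Added illustration, not part of the message above and not John the Ripper's code: the report does not give the details of the DES_bs.c:264 defect, so the snippet below is a constructed key-setup routine showing the bug class ASan is flagging (a READ past the bounds of a global table during set_key), beside a bounds-checked version. The table `lm_upcase` and the functions `set_key_lm_unsafe` / `set_key_lm_safe` are hypothetical names for this demo; the sample keys are constructed. Build it the way the reporter built john, with `-fsanitize=address`, and the unsafe path reports a global-buffer-overflow with a stack trace of the same shape as the one above.

```c
/* Constructed demo, not JtR code: an LM-style key-setup routine that maps
 * password bytes through a global lookup table. Indexing the table with an
 * unchecked byte is the pattern behind an ASan "global-buffer-overflow" READ.
 *
 * Build and run under ASan:
 *   cc -g -O1 -fsanitize=address -fno-omit-frame-pointer demo.c -o demo && ./demo
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LM_KEY_LEN 7   /* LM hashes cover at most 7 bytes per half */

/* Global 128-entry table: 7-bit ASCII -> uppercased ASCII (LM folds case). */
static uint8_t lm_upcase[128];

static void lm_upcase_init(void)
{
    for (int i = 0; i < 128; i++)
        lm_upcase[i] = (i >= 'a' && i <= 'z') ? (uint8_t)(i - 32) : (uint8_t)i;
}

/* Unsafe (hypothetical bug): indexes the 128-entry table with a raw char.
 * With signed char a byte >= 0x80 is a negative index (read before the
 * table); with unsigned char it is >= 128 (read past the table). Either
 * way ASan reports a global-buffer-overflow READ in this function. */
void set_key_lm_unsafe(uint8_t out[LM_KEY_LEN], const char *key)
{
    if (!lm_upcase['a'])
        lm_upcase_init();
    memset(out, 0, LM_KEY_LEN);
    for (int i = 0; i < LM_KEY_LEN && key[i]; i++)
        out[i] = lm_upcase[(int)key[i]];   /* out-of-bounds for high bytes */
}

/* Hardened: treat input as unsigned and refuse anything outside the table.
 * Returns 0 on success, -1 if the key contains a byte the table cannot map. */
int set_key_lm_safe(uint8_t out[LM_KEY_LEN], const char *key)
{
    if (!lm_upcase['a'])
        lm_upcase_init();
    memset(out, 0, LM_KEY_LEN);
    for (int i = 0; i < LM_KEY_LEN && key[i]; i++) {
        unsigned char c = (unsigned char)key[i];
        if (c >= sizeof lm_upcase)          /* bounds check before the read */
            return -1;
        out[i] = lm_upcase[c];
    }
    return 0;
}

int main(void)
{
    uint8_t k[LM_KEY_LEN];
    /* Constructed keys: plain ASCII, and one carrying a byte >= 0x80. */
    const char *ascii = "hello";
    const char *high  = "p\xc3\xa4ss";

    if (set_key_lm_safe(k, ascii) == 0)
        printf("safe: %.7s\n", (const char *)k);          /* HELLO */
    printf("safe rejects high byte: %d\n", set_key_lm_safe(k, high));  /* -1 */

    /* Under ASan this call aborts with a global-buffer-overflow READ
     * attributed to set_key_lm_unsafe, like the DES_bs_set_key_LM trace. */
    set_key_lm_unsafe(k, high);
    return 0;
}
```

The test below exercises only the in-bounds path of the unsafe routine; the out-of-bounds read is left to the ASan build, where it is the whole point.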
