Date: Sun, 26 Oct 2014 23:44:49 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: Re: strings / libbfd crasher

On Sun, 26 Oct 2014 18:05:01 -0400 (EDT),
cve-assign@...re.org wrote:

> There is currently no CVE ID for the
> psa-dont-run-strings-on-untrusted-files.html "0xdeadbabe October 25,
> 2014 7:20 PM" comment about "another one related with PE file headers
> parsing." In general, a separate discovery that's potentially
> exploitable for code execution could have its own CVE ID. Does anyone
> want a CVE ID for that?

The information in the comment is a bit scarce, it seems he hasn't
published his sample (?).
Anyway I checked the radare2-testsuite he was pointing to and found a
crasher in the PE parser, I don't know if this is the same one, but I
reported it upstream:
https://sourceware.org/bugzilla/show_bug.cgi?id=17512

As this is a write to uninitialized memory it seems to me a CVE is
deserved.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42
