Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 27 Oct 2014 03:50:30 +0300
From: Alexander Cherepanov <cherepan@...me.ru>
To: oss-security@...ts.openwall.com
Subject: Re: Re: strings / libbfd crasher

On 2014-10-27 01:05, cve-assign@...re.org wrote:
> There is currently no CVE ID for the
> psa-dont-run-strings-on-untrusted-files.html "0xdeadbabe October 25,
> 2014 7:20 PM" comment about "another one related with PE file headers
> parsing." In general, a separate discovery that's potentially
> exploitable for code execution could have its own CVE ID. Does anyone
> want a CVE ID for that?

I don't know whether it's the same crash or not but I've dug results of 
my older experiments with zzuf. Attached are two crasher for `objdump 
-x` -- one pe and one elf. elf also crashes `strings`. Sorry, not 
researched.

-- 
Alexander Cherepanov

Download attachment "objdump-pe-crasher.xz" of type "application/x-xz" (336 bytes)

Download attachment "objdump-elf-crasher.xz" of type "application/x-xz" (1552 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ