Date: Thu, 9 Jul 2015 12:25:49 +0200
From: Jann Horn <jann@...jh.net>
To: oss-security@...ts.openwall.com
Subject: Re: TR : CVE request for dash 0.5.7-3  x86-64 local
 buffer overflow

On Mon, Jul 06, 2015 at 12:58:07PM +0000, jean-marie.bourbon@...aturetech.com wrote:
> ==9241== Stack overflow in thread 1: can't grow stack to 0x7fe801ef8
> ==9241==
> ==9241== Process terminating with default action of signal 11 (SIGSEGV): dumping core
> [...]
> It appears that the binary has only the NoeXecutable protection (and ASLR) with an interesting buffer overflow... that's why I'd like to
> know how to make my small contribution on this subject.

That looks like a stack overflow to me, not a buffer overflow on the stack. (So in
X86 terms, the problem isn't that a pointer to the right of a buffer on a stack is
used, the problem is that the stack pointer was decremented past the *left* end of
the stack. To the left end of the stack of the main thread is a really big area of
unallocated memory, so you get a segfault.)

Are you sure this is a buffer overflow?

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]
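
The distinction drawn in the reply above, as an added triage sketch in C (not code from the thread or from dash): it takes the valgrind line quoted in the message and checks whether the reported address lies inside the mapped stack or just below its low end. The `[stack]` mapping, the 8 MiB limit, the 64 KiB window and all helper names are constructed assumptions for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum fault_kind { FAULT_OTHER, FAULT_INSIDE_STACK, FAULT_STACK_EXHAUSTION };

/* Extract the address from valgrind's "can't grow stack to 0x..." line. */
static int parse_grow_addr(const char *line, uint64_t *addr)
{
    const char *p = strstr(line, "can't grow stack to 0x");
    return p != NULL && sscanf(p, "can't grow stack to 0x%" SCNx64, addr) == 1;
}

/* Extract [lo, hi) from a /proc/<pid>/maps line tagged [stack]. */
static int parse_stack_map(const char *line, uint64_t *lo, uint64_t *hi)
{
    return strstr(line, "[stack]") != NULL &&
           sscanf(line, "%" SCNx64 "-%" SCNx64, lo, hi) == 2;
}

/* max_size: stack size limit; window: how far below lo still counts as growth. */
static enum fault_kind classify(uint64_t fault, uint64_t lo, uint64_t hi,
                                uint64_t max_size, uint64_t window)
{
    if (fault >= lo && fault < hi)
        return FAULT_INSIDE_STACK;      /* mapped stack: buffer overruns write here */
    if (fault < lo && lo - fault <= window && hi - fault > max_size)
        return FAULT_STACK_EXHAUSTION;  /* ran off the low end, growth refused */
    return FAULT_OTHER;
}

/* Constructed mapping (stack grown to an assumed 8 MiB limit); valgrind line from the message. */
static const char SAMPLE_MAP[] = "7fe802000-7ff002000 rw-p 00000000 00:00 0 [stack]";
static const char SAMPLE_VG[] = "==9241== Stack overflow in thread 1: can't grow stack to 0x7fe801ef8";

static int triage(const char *vg_line, const char *map_line)
{
    uint64_t fault, lo, hi;
    if (!parse_grow_addr(vg_line, &fault) || !parse_stack_map(map_line, &lo, &hi))
        return -1;                      /* one of the two lines did not parse */
    return classify(fault, lo, hi, 8u << 20, 64u << 10);
}

int main(void)
{
    printf("kind=%d\n", triage(SAMPLE_VG, SAMPLE_MAP)); /* kind=2 */
    return 0;
}
```
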
