Date: Thu, 9 Jul 2015 12:25:49 +0200
From: Jann Horn <jann@...jh.net>
To: oss-security@...ts.openwall.com
Subject: Re: TR : CVE request for dash 0.5.7-3 x86-64 local buffer overflow

On Mon, Jul 06, 2015 at 12:58:07PM +0000, jean-marie.bourbon@...aturetech.com wrote:
> ==9241== Stack overflow in thread 1: can't grow stack to 0x7fe801ef8
> ==9241==
> ==9241== Process terminating with default action of signal 11 (SIGSEGV): dumping core
> [...]
> It appears that the binary has only the NoeXecutable protection (and ASLR) with an interesting buffer overflow... that's why I'd like to
> know how to make my small contribution on this subject.

That looks like a stack overflow to me, not a buffer overflow on the stack. (So in X86 terms, the problem isn't that a pointer to the right of a buffer on a stack is used, the problem is that the stack pointer was decremented past the *left* end of the stack. To the left end of the stack of the main thread is a really big area of unallocated memory, so you get a segfault.)

Are you sure this is a buffer overflow?
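The distinction Jann draws above (stack pointer running off the low end of the stack versus a write running past the high end of a buffer) is something a crash triager can check mechanically. The following C helper is an added example written for this page; it is not code from the thread, from dash, or from valgrind. It parses valgrind's "can't grow stack to 0x..." line and then classifies a faulting address against a stack region, which here is a constructed, hypothetical mapping (addresses and the 8 MiB limit are assumptions, not values taken from the reporter's system). A fault that lies below the mapped stack but still within the growth limit is the signature of stack exhaustion; a fault inside the mapped stack is not.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* A mapped main-thread stack: [lo, hi). The stack grows downward toward lo,
 * and the kernel will let it grow until roughly hi - rlimit. */
typedef struct {
    uintptr_t lo;     /* lowest currently mapped stack address */
    uintptr_t hi;     /* one past the highest stack address */
    size_t    rlimit; /* RLIMIT_STACK soft limit in bytes */
} stack_region;

typedef enum {
    FAULT_INSIDE_STACK,     /* address within the mapped stack: not exhaustion */
    FAULT_STACK_EXHAUSTION, /* below the mapped stack, within the growth limit */
    FAULT_UNRELATED         /* nowhere near the stack */
} fault_kind;

/* Classify a faulting address relative to the stack region. A fault below
 * lo but above the growth floor means the stack pointer was decremented
 * past the left end of the stack: deep recursion or a huge frame, not a
 * buffer overrun (which writes toward higher addresses). */
fault_kind classify_fault(const stack_region *s, uintptr_t fault)
{
    if (fault >= s->lo && fault < s->hi)
        return FAULT_INSIDE_STACK;
    uintptr_t floor = (s->hi > s->rlimit) ? s->hi - s->rlimit : 0;
    if (fault < s->lo && fault >= floor)
        return FAULT_STACK_EXHAUSTION;
    return FAULT_UNRELATED;
}

/* Extract the address from a valgrind line of the form
 *   "==PID== Stack overflow in thread N: can't grow stack to 0xADDR"
 * Returns 0 if the line is not that message. */
uintptr_t valgrind_fault_addr(const char *line)
{
    const char *needle = "can't grow stack to 0x";
    const char *p = strstr(line, needle);
    if (!p)
        return 0;
    p += strlen(needle);
    char *end;
    unsigned long long v = strtoull(p, &end, 16);
    return (end == p) ? 0 : (uintptr_t)v;
}

/* Constructed, hypothetical stack mapping used for the demonstration
 * (assumption: a 132 KiB mapped stack with an 8 MiB RLIMIT_STACK). */
const stack_region *example_region(void)
{
    static const stack_region r = {
        .lo = 0x7ffd12000000ULL,
        .hi = 0x7ffd12021000ULL,
        .rlimit = (size_t)8 << 20,
    };
    return &r;
}

static const char *kind_name(fault_kind k)
{
    switch (k) {
    case FAULT_INSIDE_STACK:     return "inside mapped stack (not exhaustion)";
    case FAULT_STACK_EXHAUSTION: return "stack exhaustion (SP ran off the low end)";
    default:                     return "unrelated to the stack";
    }
}

int main(void)
{
    /* The valgrind line quoted in the thread, parsed as-is. */
    const char *log = "==9241== Stack overflow in thread 1: can't grow stack to 0x7fe801ef8";
    printf("parsed address: 0x%llx\n", (unsigned long long)valgrind_fault_addr(log));

    /* Three constructed faulting addresses against the hypothetical mapping. */
    const stack_region *s = example_region();
    uintptr_t samples[] = { 0x7ffd12010000ULL, 0x7ffd11900000ULL, 0x7ffd11000000ULL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%llx: %s\n", (unsigned long long)samples[i],
               kind_name(classify_fault(s, samples[i])));
    return 0;
}
```

To use this on a real core, take lo/hi from the "[stack]" line of the crashed process's maps and the limit from ulimit -s; the classifier only tells you whether exhaustion is plausible, so confirm by inspecting the recursion depth in the backtrace.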