oss-security - Re: TR : CVE request for dash 0.5.7-3 x86-64 local buffer overflow

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Thu, 9 Jul 2015 12:25:49 +0200
From: Jann Horn <jann@...jh.net>
To: oss-security@...ts.openwall.com
Subject: Re: TR : CVE request for dash 0.5.7-3  x86-64 local
 buffer overflow

On Mon, Jul 06, 2015 at 12:58:07PM +0000, jean-marie.bourbon@...aturetech.com wrote:
> ==9241== Stack overflow in thread 1: can't grow stack to 0x7fe801ef8
> ==9241==
> ==9241== Process terminating with default action of signal 11 (SIGSEGV): dumping core
> [...]
> It appear that the binary has only the NoeXecutable protection (and ASLR) with an interesting buffer overflow... that's why I'd like to
> know how to make my small contribution on this subject.

That looks like a stack overflow to me, not a buffer overflow on the stack. (So in
X86 terms, the problem isn't that a pointer to the right of a buffer on a stack is
used, the problem is that the stack pointer was decremented past the *left* end of
the stack. To the left end of the stack of the main thread is a really big area of
unallocated memory, so you get a segfault.)

Are you sure this is a buffer overflow?

Content of type "application/pgp-signature" skipped

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.