Date: Tue, 19 Jan 2016 20:48:10 +0800
From: Qixue Xiao <s2exqx@...il.com>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Fwd: out of bound write in libdwarf -20151114

We found an out-of-bounds write in libdwarf-20151114.

We ran it with valgrind; the result is as follows:

============================================
$ valgrind ./dwarfdump -ka aw.elf
==5358== Memcheck, a memory error detector
==5358== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==5358== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==5358== Command: ../../llvm-codes/dwarf-20151114/dwarfdump/dwarfdump -ka aw.elf
==5358==
==5358== Invalid write of size 8
==5358==    at 0x40DA25: get_abbrev_array_info (in /home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358==    by 0x40FD92: print_one_die_section (in /home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358==    by 0x40ED22: print_infos (in /home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358==    by 0x4050DE: process_one_file (in /home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358==    by 0x403C1B: main (in /home/xqx/test/libdwarf-test/llvm-codes/dwarf-20151114/dwarfdump/dwarfdump)
==5358==  Address 0x541fc00 is 18,352 bytes inside an unallocated block of size 4,156,304 in arena "client"
==5358==

Please see the attachment for the bug ELF.

The vulnerability was found by Qixue Xiao at Tsinghua University.

[ CONTENT OF TYPE application/octet-stream SKIPPED ]
