oss-security - Re: Re: CVE request: out-of-bounds write with cpio 2.11

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Fri, 29 Jan 2016 18:43:32 -0300
From: Gustavo Grieco <gustavo.grieco@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Re: CVE request: out-of-bounds write with cpio 2.11

2016-01-29 17:52 GMT-03:00 anarcat <anarcat@...ngeseeds.org>:

> I can't actually reproduce this on Debian, which runs 2.11 all the way
> back to squeeze:
>
> (gdb) run -i < ../overflow.cpio
> Starting program: /bin/cpio -i < ../overflow.cpio
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library
> "/lib/x86_64-linux-gnu/libthread_db.so.1".
> /bin/cpio: Malformed number0000000
> /bin/cpio: warning: skipped 8 bytes of junk
> /bin/cpio: Substituting `.' for empty member name
> /bin/cpio: . not created: newer or same age version exists
> /bin/cpio: premature end of file
> [Inferior 1 (process 191) exited with code 02]
>
> Did i miss something?
>

Yeap, you need to user valgrind to expose this issue:

$ valgrind cpio -i < ../overflow.cpio



>
> a.
> --
> The United States is a nation of laws:
> badly written and randomly enforced.
>                         - Frank Zappa
>
>

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.