Date: Sat, 12 Nov 2016 09:39:45 +0100 From: Ondřej Surý <ondrej@...y.org> To: oss-security@...ts.openwall.com, Debian Security Team <team@...urity.debian.org>, Dariusz Dwornikowski <dariusz.dwornikowski@...put.poznan.pl>, Sam Trenholme <sam-k6mymjcnjpz3fmkieotlt7rbgvqt98qy@...iam.org> Subject: Remote crash in MaraDNS 2.0.13 and git master Hi, while playing with fuzzing the DNS servers with AFL (2.35b) I found a remote crash bug in MaraDNS 2.0.13 js_readuint16. It can be also reproduced using https://github.com/samboy/MaraDNS/ master branch. Attached is patch to allow the fuzzing (it overrides getudp() with read(0, ..)), the input data that crashes MaraDNS, and the bt full output. Please assign CVE, I would provide a patch, but MaraDNS code is extremely hard to navigate for me, so I'll leave the fix for the code author. AFL has finished only 1 cycle (and found the 1 unique crash), so I'll keep it running for a while. Cheers, -- Ondřej Surý <ondrej@...y.org> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware, fast DNS(SEC) resolver Vše pro chleba (https://vseprochleba.cz) – Mouky ze mlýna a potřeby pro pečení chleba všeho druhu Download attachment "maradns.btfull" of type "application/octet-stream" (3678 bytes) View attachment "allow-fuzzing.patch" of type "text/x-patch" (1799 bytes) Download attachment "id:000000,sig:11,src:007564,op:havoc,rep:32" of type "application/octet-stream" (23 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ