Date: Tue, 26 May 2015 14:54:59 +0800
From: Kai Zhao <>
Subject: Re: Fuzzing Report on wordlist, rules, chr

Hi Alexander,

Several bugs have been found with JtR 1.7.  I want to
describe each bug in an email to make it clear.

First bug with JtR 1.7

1. Build with asan

2. Crack LM format

$ cat lm_fmt

$ ../john  lm_fmt
Loaded 1 password hash (NT LM DES [64/64 BS])
==11682==ERROR: AddressSanitizer: global-buffer-overflow on address
0x0000004d6fc0 at pc 0x417b2f bp 0x7ffe35252860 sp 0x7ffe35252858
READ of size 4 at 0x0000004d6fc0 thread T0
    #0 0x417b2e in DES_bs_set_key_LM
    #1 0x4716da in fmt_self_test
    #2 0x46ca04 in crk_init
    #3 0x4af18f in single_init
    #4 0x4af18f in do_single_crack
    #5 0x448044 in do_single_pass
    #6 0x448044 in do_batch_crack
    #7 0x4056dd in john_run
    #8 0x4056dd in main
    #9 0x7fd045ca5ec4 in __libc_start_main
    #10 0x4064f5

The bug is in DES_bs.c::DES_bs_set_key_LM(), and now it has been
fixed in JtR 1.8.0.
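The report above is an ASan global-buffer-overflow: a 4-byte read past the end of a global table during LM key setup. As an added example (not JtR's code and not the author's), the program below shows the defensive shape of such a routine: an LM-style key setup that upper-cases, truncates to 14 bytes, null-pads, and bounds-checks every byte before it is used as an index into a global table, so a fuzzer-supplied password is rejected instead of driving a read past the table. The table, its size, and the function names are assumptions made for illustration only.

```c
/* Added example, not code from John the Ripper. Demonstrates a bounds-checked
 * LM-style key setup so that no password byte can index outside a global
 * table. Build with "-fsanitize=address -g" to see how ASan would report the
 * unchecked variant described in the comments. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LM_KEY_LEN 7            /* one LM half-key is 7 bytes */
#define LM_PW_LEN  (2 * LM_KEY_LEN) /* LM uses at most 14 password bytes */
#define TABLE_SIZE 128          /* constructed table covers 7-bit ASCII only */

/* Constructed global table: maps a key byte to a 32-bit value. An unchecked
 * key_table[c] with c >= TABLE_SIZE is exactly the "READ of size 4" on a
 * global that ASan flags as global-buffer-overflow. */
static uint32_t key_table[TABLE_SIZE];
static int table_ready = 0;

static void ensure_table(void) {
    if (table_ready) return;
    for (int i = 0; i < TABLE_SIZE; i++)
        key_table[i] = (uint32_t)i * 0x01010101u; /* arbitrary constructed values */
    table_ready = 1;
}

/* Set both LM half-keys from a NUL-terminated password.
 * Returns 0 on success and -1 if any password byte would index outside
 * key_table (the checked alternative to reading past the table). */
int lm_set_key(const char *pw, uint32_t out[2][LM_KEY_LEN]) {
    unsigned char key[LM_PW_LEN] = {0};  /* LM null-pads short passwords */
    size_t n = strlen(pw);

    ensure_table();
    if (n > LM_PW_LEN) n = LM_PW_LEN;    /* LM ignores bytes beyond 14 */

    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)pw[i];
        if (c >= 'a' && c <= 'z') c -= 'a' - 'A'; /* LM upper-cases ASCII letters */
        if (c >= TABLE_SIZE)               /* bounds check before any table access */
            return -1;
        key[i] = c;
    }

    /* Every key[i] is < TABLE_SIZE by construction, so these reads are in range. */
    for (int h = 0; h < 2; h++)
        for (int i = 0; i < LM_KEY_LEN; i++)
            out[h][i] = key_table[key[h * LM_KEY_LEN + i]];
    return 0;
}

int main(void) {
    uint32_t out[2][LM_KEY_LEN];
    /* Constructed inputs: a normal password and one with a non-ASCII byte,
     * the latter standing in for what a fuzzer would feed the format. */
    const char *inputs[] = { "password", "caf\xe9" };

    for (size_t k = 0; k < 2; k++) {
        int rc = lm_set_key(inputs[k], out);
        printf("input %zu: rc=%d", k, rc);
        if (rc == 0)
            printf(" half0[0]=0x%08x half1[0]=0x%08x", out[0][0], out[1][0]);
        printf("\n");
    }
    return 0;
}
```

Compiling this with `-fsanitize=address` and then removing the `c >= TABLE_SIZE` check is the quickest way to see a report in the same form as the one above (global-buffer-overflow, READ of size 4, in the key-setup frame), which is useful when triaging fuzzer crashes against a format's key handling.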


