Date: Fri, 24 Oct 2014 22:18:50 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: strings / libbfd crasher

I've checked the upstream patch they pointed me to:
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f

Unfortunately this mixes in another change that is a revert, so it doesn't apply cleanly to the current release (2.24). If anyone needs it, I've re-diffed it:
https://files.hboeck.de/binutils-2.24-fix-crash.diff

This fixes the original stringme and strinmetoo from mancha, but not the latest sample from Michal:

On Fri, 24 Oct 2014 12:10:31 -0700, Michal Zalewski <lcamtuf@...edump.cx> wrote:
> I do have a bunch more that seem exploitable, though - for example:
>
> http://lcamtuf.coredump.cx/strings-bfd-badfree - does this repro for
> people (I tried with binutils 2.24)?

I checked with the upstream patch and this seems still vulnerable.

> I don't understand the user benefit of extracting strings only from
> certain sections of executables, and I almost feel like it's a side
> effect of strings being a part of binutils more than anything else.

I fully agree. I wasn't aware strings does any kind of executable parsing, and I was very surprised that there is any attack vector against it at all.

--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno@...eck.de
GPG: BBB51E42