Date: Thu, 9 Jul 2015 12:25:49 +0200
From: Jann Horn <jann@...jh.net>
To: oss-security@...ts.openwall.com
Subject: Re: TR : CVE request for dash 0.5.7-3 x86-64 local buffer overflow

On Mon, Jul 06, 2015 at 12:58:07PM +0000, jean-marie.bourbon@...aturetech.com wrote:
> ==9241== Stack overflow in thread 1: can't grow stack to 0x7fe801ef8
> ==9241==
> ==9241== Process terminating with default action of signal 11 (SIGSEGV): dumping core
> [...]
> It appears that the binary has only the NoeXecutable protection (and ASLR) with an interesting buffer overflow... that's why I'd like to
> know how to make my small contribution on this subject.

That looks like a stack overflow to me, not a buffer overflow on the stack.
(So in X86 terms, the problem isn't that a pointer to the right of a buffer
on a stack is used, the problem is that the stack pointer was decremented
past the *left* end of the stack. To the left end of the stack of the main
thread is a really big area of unallocated memory, so you get a segfault.)

Are you sure this is a buffer overflow?
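
A triage check for the distinction drawn in the reply above, as an added example that is not part of the original message: it classifies a SIGSEGV by where the fault address and the stack pointer sit relative to the stack's bounds. The `crash_info` record, the `NEAR` slack and every sample value except the fault address quoted from the Valgrind output are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef enum { FAULT_OTHER, FAULT_STACK_EXHAUSTION, FAULT_PAST_STACK_TOP } fault_kind;

/* Hypothetical crash record: values a core dump or SIGSEGV handler would supply. */
typedef struct {
    uint64_t fault_addr; /* faulting address (si_addr) */
    uint64_t sp;         /* stack pointer at the time of the fault */
    uint64_t stack_lo;   /* lowest address the stack is allowed to grow down to */
    uint64_t stack_hi;   /* one past the highest stack address */
} crash_info;

#define NEAR 0x10000u /* assumed slack: fault within 64 KiB of SP or of the stack top */

static uint64_t gap(uint64_t a, uint64_t b) { return a > b ? a - b : b - a; }

fault_kind classify_fault(const crash_info *c)
{
    int sp_in_stack = c->sp >= c->stack_lo && c->sp < c->stack_hi;

    /* Left end: SP itself has reached the low limit and the fault is right at SP. */
    if (c->fault_addr < c->stack_lo && c->sp < c->stack_lo + NEAR &&
        gap(c->fault_addr, c->sp) <= NEAR)
        return FAULT_STACK_EXHAUSTION;

    /* Right end: SP is healthy, but an access ran off the high end of the stack. */
    if (sp_in_stack && c->fault_addr >= c->stack_hi &&
        c->fault_addr - c->stack_hi < NEAR)
        return FAULT_PAST_STACK_TOP;

    return FAULT_OTHER;
}

int main(void)
{
    static const char *name[] = { "other", "stack exhaustion", "access past stack top" };
    /* First fault_addr is from the quoted Valgrind output; everything else is constructed. */
    crash_info samples[] = {
        { 0x7fe801ef8ULL, 0x7fe801f00ULL, 0x7fe802000ULL, 0x7ff001000ULL },
        { 0x7ff001000ULL, 0x7ff000e00ULL, 0x7fe802000ULL, 0x7ff001000ULL },
        { 0x10ULL,        0x7ff000e00ULL, 0x7fe802000ULL, 0x7ff001000ULL },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("fault at %#llx: %s\n", (unsigned long long)samples[i].fault_addr,
               name[classify_fault(&samples[i])]);
    return 0;
}
```

A stack buffer overflow that corrupts a saved return address usually faults at an unrelated address and lands in `other`; the check only recognises exhaustion and accesses that run off the top of the stack.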