Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 10 May 2017 10:59:34 -0500
From: Brandon Perry <bperry.volatile@...il.com>
To: fulldisclosure@...lists.org,
 oss-security@...ts.openwall.com
Subject: Re: Numerous FreeTDS crashes fixed on master

I was asked what software this affects.

PHP - http://www.freetds.org/userguide/php.htm <http://www.freetds.org/userguide/php.htm>
Perl DBI - http://www.peppler.org/freeware/dbd-sybase.html <http://www.peppler.org/freeware/dbd-sybase.html>
Ruby DBI w/ Sybase - http://stackoverflow.com/questions/721960/connecting-to-sql-server-with-activerecord <http://stackoverflow.com/questions/721960/connecting-to-sql-server-with-activerecord>
Python-Sybase - http://python-sybase.sourceforge.net/index.html <http://python-sybase.sourceforge.net/index.html>

Other languages have less-official bindings.

Go - https://github.com/minus5/gofreetds <https://github.com/minus5/gofreetds>
Erlang - http://arcusfelis.github.io/blog/2012/07/02/odbc/ <http://arcusfelis.github.io/blog/2012/07/02/odbc/>
R - http://eriqande.github.io/2014/12/19/setting-up-rodbc.html <http://eriqande.github.io/2014/12/19/setting-up-rodbc.html>


Also, obviously the tsql binary if used to connect to an untrusted MSSQL/Sybase server.

> On May 9, 2017, at 9:34 AM, Brandon Perry <bperry.volatile@...il.com> wrote:
> 
> Attached is a zip file of reported TDS streams that cause segmentation faults in the FreeTDS library. The ‘tsql’ binary was used for the fuzzing, so these most likely only affect client-side functionality. These have been resolved on master and the 1.0 branch.
> 
> Also included in the zip file is a bucket.txt, a crashwalk db dump detailing the crashes for the files in the zip file.
> 
> You can find the bucket.txt itself in the following Github gist as well. No CVE’s have been requested.
> 
> https://gist.github.com/brandonprry/bfb0e58682d464e2d2d319644790bdf5 <https://gist.github.com/brandonprry/bfb0e58682d464e2d2d319644790bdf5>
> 
> To test, you can compile FreeTDS, then use preeny to redirect network IO to stdin/stdout.
> 
> export LD_PRELOAD=~/preeny/x86_64-linux-gnu/desock.so
> unzip freetds_crashed.zip
> cd rpt
> for i in id*; do valgrind ~/freetds/build/src/apps/tsql -S 127.0.0.1 -U fdsa -P fdsa -I ~/tdsconfig < $i; done
> 
> A simple tdsconfig file can be used to speed things up a bit.
> 
> [global]
> timeout = 1
> connect timeout = 1
> 
> 
> Many thanks to Frediano Ziglio, the maintainer of FreeTDS, for quick communication and bug fix turn arounds.
> 
> <freetds_crashes.zip>


Content of type "text/html" skipped

Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.