Dailydave mailing list archives
Re: spike bug?
From: Avri <avri.schneider () gmail com>
Date: Tue, 9 Aug 2005 14:01:54 -0700
Ok... so I found a reference to this bug... Answer 'A' is not good enough imo - the socket being closed could mean that the connection was dropped by the target app due to an invalid parameter which does not cause a crash, and a different value may crash it. In my case, my XP box was patched and sending the bad RDP packet to it made it drop the connection (I forgot I left it on auto-update).

But as I said, maybe a certain value would be treated differently, causing a connection reset but no crash, but a certain different value would cause a crash... You might not get that different value sent due to spike exiting and not continuing the fuzzing... I think it's better to add "if (fd==-1) return(0);" to s_fd_wait(), which keeps the fuzzer going...

Regards,
Avri

======================================================
From PSHARMA4 at bloomberg.net Tue Aug 12 12:45:07 2003
From: PSHARMA4 at bloomberg.net (PRANAV SHARMA, BLOOMBERG/ 499 PARK)
Date: Tue Aug 12 10:53:42 2003
Subject: [Spike] spike seg faults
Message-ID: <2960_1095_1060703106_791@inet3-p057>

Hi guys n gals, any idea what you do with this: after running for some time the fuzzer seg faults:

Couldn't tcp connect to target
Program received signal SIGSEGV, Segmentation fault.
0x0804e9ac in s_fd_wait () at spike.c:1372
1372 FD_SET(fd, &rfds);

Please let me know, thanks,
JustDoIt.
From dave at immunitysec.com Tue Aug 12 17:52:36 2003
From: dave at immunitysec.com (dave () immunitysec com)
Date: Tue Aug 12 16:52:39 2003
Subject: [Spike] spike seg faults
In-Reply-To: <2960_1095_1060703106_791@inet3-p057>
References: <2960_1095_1060703106_791@inet3-p057>
Message-ID: <49787.24.193.40.199.1060721556.squirrel () www immunitysec com>

A) One possibility is that SPIKE has killed the remote service... SPIKE then seg faults because I don't think that version has any error checking. :>

B) Another possibility is that your SPIKE script is not closing sockets when it's done with them. This is causing your fd_set to get really large, which is overwriting various things on the stack. A fun security bug if your SPIKE script is setuid (which it's not).

Hopefully the answer is A) since that means SPIKE has found some sort of bug in your target application. :>

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
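A guarded version of the wait this thread is about, as an added example rather than SPIKE's own code: it refuses fd values that cannot legally be placed in an fd_set (the -1 left behind by a failed connect, and anything at or above FD_SETSIZE from a script that leaks sockets) instead of letting FD_SET write outside the set, and returns so the fuzzing loop can continue. The function name and return codes are assumptions, not SPIKE's API.

```c
/* Added example, not SPIKE's own code: a guarded stand-in for the
 * select() wait at spike.c:1372, where FD_SET(fd, &rfds) runs on fd
 * == -1 (failed connect) or fd >= FD_SETSIZE (leaked sockets) and
 * writes outside the fd_set. This version refuses both and returns,
 * so the fuzzer keeps going. Names and return codes are my own. */
#include <stdio.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

enum wait_result { WAIT_BADFD = 0, WAIT_TIMEOUT = 1, WAIT_READABLE = 2 };

/* Wait up to timeout_ms for fd to become readable. */
int safe_fd_wait(int fd, int timeout_ms)
{
    fd_set rfds;
    struct timeval tv;
    int rc;

    /* FD_SET does no bounds checking, so do it here. */
    if (fd < 0 || fd >= FD_SETSIZE)
        return WAIT_BADFD;

    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    tv.tv_sec = timeout_ms / 1000;
    tv.tv_usec = (timeout_ms % 1000) * 1000;

    rc = select(fd + 1, &rfds, NULL, NULL, &tv);
    if (rc < 0)
        return WAIT_BADFD;          /* EBADF, EINTR, ...: unusable fd */
    return rc == 0 ? WAIT_TIMEOUT : WAIT_READABLE;
}

/* Stand-alone demo: the two crash-inducing fds, then a pipe before and
 * after data is written to it. */
int main(void)
{
    int p[2];
    if (pipe(p) != 0)
        return 1;
    printf("fd -1         -> %d\n", safe_fd_wait(-1, 100));
    printf("fd FD_SETSIZE -> %d\n", safe_fd_wait(FD_SETSIZE, 100));
    printf("empty pipe    -> %d\n", safe_fd_wait(p[0], 100));
    (void)write(p[1], "x", 1);
    printf("pipe w/ data  -> %d\n", safe_fd_wait(p[0], 100));
    close(p[0]);
    close(p[1]);
    return 0;
}
```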