oss-sec mailing list archives
Re: strings / libbfd crasher
From: Hanno Böck <hanno () hboeck de>
Date: Fri, 24 Oct 2014 22:18:50 +0200
I've checked the upstream patch they pointed me to:
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f

Unfortunately this mixes in another change that is a revert, so it doesn't apply cleanly to the current release (2.24). If anyone needs it, I've re-diffed it:
https://files.hboeck.de/binutils-2.24-fix-crash.diff

This fixes the original stringme and strinmetoo from mancha, but not the latest sample from Michal:

On Fri, 24 Oct 2014 12:10:31 -0700, Michal Zalewski <lcamtuf () coredump cx> wrote:

> I do have a bunch more that seem exploitable, though - for example:
> http://lcamtuf.coredump.cx/strings-bfd-badfree - does this repro for
> people (I tried with binutils 2.24)?

I checked with the upstream patch and this seems still vulnerable.

> I don't understand the user benefit of extracting strings only from
> certain sections of executables, and I almost feel like it's a side
> effect of strings being a part of binutils more than anything else.

I fully agree. I wasn't aware strings does any kind of executable parsing and I was very surprised that there is any attack vector against it at all.

-- 
Hanno Böck
http://hboeck.de/
mail/jabber: hanno () hboeck de
GPG: BBB51E42
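The alternative the two of them are arguing for, as an added illustration that is not code from this thread or from binutils: a strings that scans the whole file as raw bytes (what GNU `strings -a` does) and never parses the executable format, so no header or section table reaches any BFD-style parsing code. The sample buffer below is constructed for this example; it carries an ELF magic and a garbage "header" followed by a few strings, and the minimum run length of 4 printable ASCII bytes is an assumption matching the GNU default.

```python
import string

# Printable ASCII as GNU strings counts it by default: letters, digits,
# punctuation, space and tab. No multi-byte encodings are considered here.
PRINTABLE = set(bytes(string.ascii_letters + string.digits
                      + string.punctuation + " \t", "ascii"))


def extract_strings(data: bytes, min_len: int = 4):
    """Return (offset, text) for every run of >= min_len printable bytes.

    The buffer is treated purely as bytes: nothing about ELF, PE or any
    other object format is interpreted, so a crafted header cannot steer
    the scanner anywhere.
    """
    results = []
    start = None  # offset where the current printable run began
    for i, b in enumerate(data):
        if b in PRINTABLE:
            if start is None:
                start = i
        else:
            if start is not None and i - start >= min_len:
                results.append((start, data[start:i].decode("ascii")))
            start = None
    # A run that reaches end-of-file has no terminating byte; flush it too.
    if start is not None and len(data) - start >= min_len:
        results.append((start, data[start:].decode("ascii")))
    return results


# Constructed sample: ELF magic, a bogus header (0xff section offsets that a
# format-aware parser would choke on), then ordinary string data.
SAMPLE = (
    b"\x7fELF" + b"\x02\x01\x01" + bytes(9)
    + b"\xff" * 8
    + b"hello world\x00"
    + b"\x01\x02ab\x00"                    # too short, filtered out
    + b"/lib64/ld-linux-x86-64.so.2\x00"
    + b"tail"                              # run ends exactly at EOF
)


def demo():
    """Scan the constructed sample and return the strings found."""
    return extract_strings(SAMPLE)


if __name__ == "__main__":
    for offset, text in demo():
        print(f"{offset:7x} {text}")      # same layout as strings -t x
```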