oss-sec mailing list archives
Re: strings / libbfd crasher
From: mancha <mancha1 () zoho com>
Date: Fri, 24 Oct 2014 22:38:32 +0000
On Fri, Oct 24, 2014 at 12:10:31PM -0700, Michal Zalewski wrote:
> I do have a bunch more that seem exploitable, though - for example: http://lcamtuf.coredump.cx/strings-bfd-badfree - does this repro for people (I tried with binutils 2.24)?

Yes.

> I think that given the expectations people have around what strings does and whether it's safe to run on untrusted binaries, I'd seriously question the wisdom of making it use libbfd, at least by default; perhaps distros want to consider non-upstream patches that default to the -a mode, instead?

Unfortunately, the buggy code can be arrived at via multiple entry points (e.g. objdump -p or nm on stringme, stringmetoo, and strings-bfd-badfree). Those are also commonly used on untrusted binaries (e.g. forensics). Fixing the core issues seems the way to go.

--mancha
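
For readers following the `-a` suggestion quoted above, this is an added example (not part of the original message and not binutils code) of a strings-style scan that treats the file as opaque bytes and never parses object-file structure. The function name `scan_strings`, the printable-character set and the sample buffer are assumptions made for the sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Printable as in this sketch: ASCII 0x20..0x7e plus tab. */
static int is_printable(unsigned char c)
{
    return c == '\t' || (c >= 0x20 && c <= 0x7e);
}

/*
 * Scan buf as opaque bytes and report every run of at least min_len
 * printable characters to out (may be NULL). No header is parsed and no
 * offset or size read from the input is used as an index, so a malformed
 * object file cannot steer the scan. Returns the number of runs found.
 */
size_t scan_strings(const unsigned char *buf, size_t len, size_t min_len,
                    FILE *out)
{
    size_t count = 0, start = 0, i;

    if (min_len == 0)
        min_len = 1;
    for (i = 0; i <= len; i++) {
        /* End of buffer acts as a terminator so a trailing run is flushed. */
        if (i < len && is_printable(buf[i]))
            continue;
        if (i - start >= min_len) {
            if (out) {
                fwrite(buf + start, 1, i - start, out);
                fputc('\n', out);
            }
            count++;
        }
        start = i + 1;
    }
    return count;
}

/* Constructed sample: ELF magic, junk header bytes, then two long strings. */
static const unsigned char sample[] =
    "\x7f" "ELF\x02\x01\x01\x00\xff\xff\xff\xff"
    "/lib/ld.so\x00\x01" "abc\x00" "GCC: (GNU)";

int main(void)
{
    /* Prints "/lib/ld.so" and "GCC: (GNU)"; "ELF" and "abc" are under 4. */
    return scan_strings(sample, sizeof sample - 1, 4, stdout) == 2 ? 0 : 1;
}
```

This covers only the `strings` use case; `objdump -p` and `nm`, named in the reply, have to parse the file format and get no protection from a byte scan.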