oss-sec mailing list archives

Re: Re: CVE request: out-of-bounds write with cpio 2.11


From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Fri, 29 Jan 2016 18:43:32 -0300

2016-01-29 17:52 GMT-03:00 anarcat <anarcat () orangeseeds org>:

I can't actually reproduce this on Debian, which runs 2.11 all the way
back to squeeze:

(gdb) run -i < ../overflow.cpio
Starting program: /bin/cpio -i < ../overflow.cpio
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
/bin/cpio: Malformed number0000000
/bin/cpio: warning: skipped 8 bytes of junk
/bin/cpio: Substituting `.' for empty member name
/bin/cpio: . not created: newer or same age version exists
/bin/cpio: premature end of file
[Inferior 1 (process 191) exited with code 02]

Did I miss something?


Yeap, you need to use valgrind to expose this issue:

$ valgrind cpio -i < ../overflow.cpio




a.
--
The United States is a nation of laws:
badly written and randomly enforced.
                        - Frank Zappa
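
A triage harness for this kind of report, added here as an example and not something from the thread or from cpio itself: it runs the binary under valgrind's memcheck, as suggested above, with an error exit code so that memory errors are flagged even when the program itself exits "cleanly" (as the exit code 02 above did), and summarises any invalid writes found in the log. The cpio path, archive name and the sample memcheck log are constructed assumptions, not output from the real overflow.cpio.

```shell
#!/bin/sh
# Added example, not from the thread. Requires valgrind for run_under_memcheck;
# summarise_invalid_writes works on any saved memcheck log.

# Constructed memcheck output (addresses and frames are made up) used to
# exercise the summariser offline.
sample_memcheck_log() {
  cat <<'EOF'
==191== Memcheck, a memory error detector
==191== Invalid write of size 1
==191==    at 0x4E9C4F2: memcpy (in /lib/x86_64-linux-gnu/libc.so.6)
==191==    by 0x40B1A3: ??? (in /bin/cpio)
==191==  Address 0x51f4c48 is 0 bytes after a block of size 8 alloc'd
==191==    at 0x4C2DB8F: malloc (in vgpreload_memcheck-amd64-linux.so)
==191==    by 0x40B0F0: ??? (in /bin/cpio)
==191== Invalid read of size 4
==191==    at 0x40B1B0: ??? (in /bin/cpio)
==191==  Address 0x51f4c50 is 8 bytes after a block of size 8 alloc'd
==191==
==191== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
EOF
}

# Read a memcheck log on stdin; print one line per invalid write with the
# write size and where it landed relative to the heap block, then a count.
summarise_invalid_writes() {
  awk '
    /Invalid write of size/ { size = $NF; pending = 1; next }
    pending && /bytes (after|before) a block of size/ {
      for (i = 1; i <= NF; i++) {
        if ($i == "bytes") { off = $(i - 1); dir = $(i + 1) }
        if ($i == "size")  { blk = $(i + 1) }
      }
      printf "invalid write: %s byte(s), %s bytes %s a %s-byte heap block\n", size, off, dir, blk
      n++; pending = 0; next
    }
    pending && /Address/ { printf "invalid write: %s byte(s) to non-heap address\n", size; n++; pending = 0 }
    END { print "invalid writes:", n + 0 }
  '
}

# $1 = cpio binary, $2 = archive to extract. --error-exitcode=99 makes
# valgrind return 99 when memcheck found errors, instead of the program's own
# (possibly innocent-looking) exit code.
run_under_memcheck() {
  log=$(mktemp) || return 1
  rc=0
  valgrind -q --error-exitcode=99 "$1" -i < "$2" 2>"$log" || rc=$?
  [ "$rc" -eq 99 ] && echo "memcheck reported memory errors"
  summarise_invalid_writes < "$log"
  rm -f "$log"
  return "$rc"
}
```

For a live run use `run_under_memcheck /bin/cpio ../overflow.cpio`; the summary is printed whatever the exit code, so a report can be confirmed from the log alone.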