Groups | Search | Server Info | Keyboard shortcuts | Login | Register
Groups > gnu.utils.bug > #2232
| From | Salvatore Bonaccorso <carnil@debian.org> |
|---|---|
| Newsgroups | gnu.utils.bug |
| Subject | Re: Vulnerability Report on Sharutils 4.15.2 |
| Date | 2018-03-25 19:51 +0200 |
| Message-ID | <mailman.11228.1522010166.27995.bug-gnu-utils@gnu.org> (permalink) |
| References | <47a93dc0-b0f9-9dc7-593e-ce7f96f56e19@gmail.com> |
Hi On Wed, Feb 21, 2018 at 03:06:34PM +0800, nafiez wrote: > Hi, > > Below are the details of the issue we found during fuzzing "unshar". > Was trying to compile with ASAN however doesn't work at all (could be > missing something that's why not worked). However, I did this manually > verified. Attached is the fuzzed file (password: abc123). > > john@fuzzing:~/sharutils-4.15.2/src/crashed_unshar$ gdb -q ../unshar > Reading symbols from ../unshar...done. > (gdb) r 2.fuzz > Starting program: /home/john/sharutils-4.15.2/src/unshar 2.fuzz > [Thread debugging using libthread_db enabled] > Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1". > 2.fuzz: > Segmentation fault > > Program received signal SIGPIPE, Broken pipe. > 0xb7fd9ce5 in __kernel_vsyscall () > (gdb) bt > #0 0xb7fd9ce5 in __kernel_vsyscall () > #1 0xb797bb93 in __write_nocancel () at > ../sysdeps/unix/syscall-template.S:84 > #2 0xb790f0b1 in _IO_new_file_write (f=0xb4103b50, data=0xb6100100, > n=4096) at fileops.c:1263 > #3 0xb790e3e4 in new_do_write (fp=fp@entry=0xb4103b50, > data=data@entry=0xb6100100 "", to_do=to_do@entry=4096) at fileops.c:518 > #4 0xb790f775 in _IO_new_file_xsputn (f=0xb4103b50, data=0xb6100100, > n=4096) at fileops.c:1342 > #5 0xb790e01e in __GI_fwrite_unlocked (buf=0xb6100100, size=1, > count=4096, fp=0xb4103b50) at iofwrite_u.c:43 > #6 0x0804c2df in unshar_file (name=0xbffff1e4 "2.fuzz", > file=0xb4903bc0) at unshar.c:396 > #7 0x0804a2f5 in validate_fname (fname=0xbffff1e4 "2.fuzz") at > unshar-opts.c:604 > #8 main (argc=2, argv=0xbfffefb4) at unshar-opts.c:639 > > Further verification of the source code, we found the issue was on the > line unshar.c:396 which is broken when performed write. Issue seems to > be more on memory corruption. Has this issue been further looked at and is there a patch available for the issue? Does it need a CVE assigned? Regards, Salvatore
Back to gnu.utils.bug | Previous | Next | Find similar
Re: Vulnerability Report on Sharutils 4.15.2 Salvatore Bonaccorso <carnil@debian.org> - 2018-03-25 19:51 +0200
csiph-web