
Re: Vulnerability Report on Sharutils 4.15.2

From Mohd Hanafie <nafiez.skins@gmail.com>
Newsgroups gnu.utils.bug
Subject Re: Vulnerability Report on Sharutils 4.15.2
Date Sun, 25 Mar 2018 23:17:45 +0000
Message-ID <mailman.11236.1522019881.27995.bug-gnu-utils@gnu.org> (permalink)
References <47a93dc0-b0f9-9dc7-593e-ce7f96f56e19@gmail.com> <20180325175147.GA13587@eldamar.local>
Cc bug-gnu-utils@gnu.org
To Salvatore Bonaccorso <carnil@debian.org>



Hi,

Issue has been resolved and CVE has been assigned, CVE-2018-1000097.

Thanks!


On Mon, 26 Mar 2018 at 1:51 AM, Salvatore Bonaccorso <carnil@debian.org>
wrote:

> Hi
>
> On Wed, Feb 21, 2018 at 03:06:34PM +0800, nafiez wrote:
> > Hi,
> >
> > Below are the details of the issue we found while fuzzing "unshar".
> > I was trying to compile with ASAN, however it doesn't work at all (I could
> > be missing something, which is why it did not work). However, I verified
> > this manually. Attached is the fuzzed file (password: abc123).
> >
> > john@fuzzing:~/sharutils-4.15.2/src/crashed_unshar$ gdb -q ../unshar
> > Reading symbols from ../unshar...done.
> > (gdb) r 2.fuzz
> > Starting program: /home/john/sharutils-4.15.2/src/unshar 2.fuzz
> > [Thread debugging using libthread_db enabled]
> > Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
> > 2.fuzz:
> > Segmentation fault
> >
> > Program received signal SIGPIPE, Broken pipe.
> > 0xb7fd9ce5 in __kernel_vsyscall ()
> > (gdb) bt
> > #0  0xb7fd9ce5 in __kernel_vsyscall ()
> > #1  0xb797bb93 in __write_nocancel () at
> > ../sysdeps/unix/syscall-template.S:84
> > #2  0xb790f0b1 in _IO_new_file_write (f=0xb4103b50, data=0xb6100100,
> > n=4096) at fileops.c:1263
> > #3  0xb790e3e4 in new_do_write (fp=fp@entry=0xb4103b50,
> > data=data@entry=0xb6100100 "", to_do=to_do@entry=4096) at fileops.c:518
> > #4  0xb790f775 in _IO_new_file_xsputn (f=0xb4103b50, data=0xb6100100,
> > n=4096) at fileops.c:1342
> > #5  0xb790e01e in __GI_fwrite_unlocked (buf=0xb6100100, size=1,
> > count=4096, fp=0xb4103b50) at iofwrite_u.c:43
> > #6  0x0804c2df in unshar_file (name=0xbffff1e4 "2.fuzz",
> > file=0xb4903bc0) at unshar.c:396
> > #7  0x0804a2f5 in validate_fname (fname=0xbffff1e4 "2.fuzz") at
> > unshar-opts.c:604
> > #8  main (argc=2, argv=0xbfffefb4) at unshar-opts.c:639
> >
> > On further verification of the source code, we found the issue was on
> > line unshar.c:396, which breaks when the write is performed. The issue
> > seems to be more about memory corruption.
>
> Has this issue been further looked at and is there a patch available
> for the issue?
>
> Does it need a CVE assigned?
>
> Regards,
> Salvatore
>
-- 
Thanks,
Nafiez
