jm + buffer-overflows   3

PSA: don't run 'strings' on untrusted files (CVE-2014-8485)
ffs.
Perhaps simply by the virtue of being a part of that bundle, the strings utility tries to leverage the common libbfd infrastructure to detect supported executable formats and "optimize" the process by extracting text only from specific sections of the file. Unfortunately, the underlying library can be hardly described as safe: a quick pass with afl (and probably with any other competent fuzzer) quickly reveals a range of troubling and likely exploitable out-of-bounds crashes due to very limited range checking
strings  libbfd  gnu  security  fuzzing  buffer-overflows 
october 2014 by jm
The poisoned NUL byte, 2014 edition
A successful exploit of Fedora glibc via a single NUL overflow (via Tony Finch)
via:fanf  buffer-overflows  security  nul  byte  exploits  google  project-zero 
august 2014 by jm

Copy this bookmark:



description:


tags: