[Bug binutils/2584] New: SIGSEGV in strings tool when the file is crafte
From: jolmos at isecauditors dot com
Subject: [Bug binutils/2584] New: SIGSEGV in strings tool when the file is crafted.
Date: 18 Apr 2006 12:59:00 -0000
This evil file cannot be scanned with the strings command:
address@hidden:/research# strings evil
Violación de segmento
address@hidden:/research# cat evil
%253Cc%253Cc%253Cc%253Cc%253Cc%253Cc%253Cc
address@hidden:/research#
(gdb) r evil
Starting program: /usr/bin/strings evil
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
Program received signal SIGSEGV, Segmentation fault.
0xb7e9ecbd in bfd_hash_lookup () from /usr/lib/libbfd-2.16.1.so
(gdb)
The problem is in bfd_hash_lookup from the libbfd-2.16.1.so library, at this
snippet of code:
1fcb1: c1 ef 02 shr $0x2,%edi
1fcb4: 31 c7 xor %eax,%edi
1fcb6: 89 f8 mov %edi,%eax
1fcb8: 8b 4d 08 mov 0x8(%ebp),%ecx
1fcbb: 31 d2 xor %edx,%edx
1fcbd: f7 71 04 divl 0x4(%ecx) <--SIGSEGV with %253Cc%AAAAA%AAAAA%AAAAA%AAAAA%AAAAA%AAAAA
1fcc0: 01 d2 add %edx,%edx
1fcc2: 01 d2 add %edx,%edx
1fcc4: 89 55 e0 mov %edx,0xffffffe0(%ebp)
With %253Cc, ecx gets the value 0x54, and it cannot access this address. It
seems this is not exploitable.
Ubuntu:
Linux jolmos 2.6.12-9-386 #1 Mon Oct 10 13:14:36 BST 2005 i686 GNU/Linux
I have tested on other kernels and the result is the same.
Jesús Olmos Gonzalez
Internet Security Auditors
www.isecauditors.com
--
Summary: SIGSEGV in strings tool when the file is crafted.
Product: binutils
Version: 2.16
Status: NEW
Severity: normal
Priority: P2
Component: binutils
AssignedTo: unassigned at sources dot redhat dot com
ReportedBy: jolmos at isecauditors dot com
CC: bug-binutils at gnu dot org
GCC target triplet: strings and libbfd-2.16.1.so
http://sourceware.org/bugzilla/show_bug.cgi?id=2584