This evil file cannot be scanned with the strings command:
[EMAIL PROTECTED]:/research# strings evil
Violación de segmento
[EMAIL PROTECTED]:/research# cat evil
%253Cc%253Cc%253Cc%253Cc%253Cc%253Cc%253Cc
[EMAIL PROTECTED]:/research#
(gdb) r evil
Starting program: /usr/bin/strings evil
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
Program received signal SIGSEGV, Segmentation fault.
0xb7e9ecbd in bfd_hash_lookup () from /usr/lib/libbfd-2.16.1.so
(gdb)
The problem is in bfd_hash_lookup from the libbfd-2.16.1.so library, at this
snippet of code:
1fcb1: c1 ef 02 shr $0x2,%edi
1fcb4: 31 c7 xor %eax,%edi
1fcb6: 89 f8 mov %edi,%eax
1fcb8: 8b 4d 08 mov 0x8(%ebp),%ecx
1fcbb: 31 d2 xor %edx,%edx
1fcbd: f7 71 04 divl 0x4(%ecx) <--SIGSEGV with %253Cc%AAAAA%AAAAA%AAAAA%AAAAA%AAAAA%AAAAA
1fcc0: 01 d2 add %edx,%edx
1fcc2: 01 d2 add %edx,%edx
1fcc4: 89 55 e0 mov %edx,0xffffffe0(%ebp)
With %253Cc, ecx gets the value 0x54, and it cannot access this address. It
seems this is not exploitable.
Ubuntu:
Linux jolmos 2.6.12-9-386 #1 Mon Oct 10 13:14:36 BST 2005 i686 GNU/Linux
I have tested on other kernels and the result is the same.
Jesús Olmos Gonzalez
Internet Security Auditors
www.isecauditors.com
--
Summary: SIGSEGV in strings tool when the file is crafted.
Product: binutils
Version: 2.16
Status: NEW
Severity: normal
Priority: P2
Component: binutils
AssignedTo: unassigned at sources dot redhat dot com
ReportedBy: jolmos at isecauditors dot com
CC: bug-binutils at gnu dot org
GCC target triplet: strings and libbfd-2.16.1.so
http://sourceware.org/bugzilla/show_bug.cgi?id=2584