
List:       oss-security
Subject:    Re: [oss-security] Re: CVE request: out-of-bounds write with cpio 2.11
From:       Gustavo Grieco <gustavo.grieco () gmail ! com>
Date:       2016-01-29 21:43:32
Message-ID: CACn5sdSmJz5Waf2nL2pHYrRsw1OvmS7uny-_KZuXi4tFc5ROZQ () mail ! gmail ! com


2016-01-29 17:52 GMT-03:00 anarcat <anarcat@orangeseeds.org>:

> I can't actually reproduce this on Debian, which runs 2.11 all the way
> back to squeeze:
>
> (gdb) run -i < ../overflow.cpio
> Starting program: /bin/cpio -i < ../overflow.cpio
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library
> "/lib/x86_64-linux-gnu/libthread_db.so.1".
> /bin/cpio: Malformed number0000000
> /bin/cpio: warning: skipped 8 bytes of junk
> /bin/cpio: Substituting `.' for empty member name
> /bin/cpio: . not created: newer or same age version exists
> /bin/cpio: premature end of file
> [Inferior 1 (process 191) exited with code 02]
>
> Did I miss something?
>

Yeap, you need to use valgrind to expose this issue:

$ valgrind cpio -i < ../overflow.cpio



>
> a.
> --
> The United States is a nation of laws:
> badly written and randomly enforced.
>                         - Frank Zappa
>
>

