Skip to content

Archives

Links for 2014-10-27

  • PSA: don’t run ‘strings’ on untrusted files (CVE-2014-8485)

    ffs.

    Perhaps simply by the virtue of being a part of that bundle, the strings utility tries to leverage the common libbfd infrastructure to detect supported executable formats and “optimize” the process by extracting text only from specific sections of the file. Unfortunately, the underlying library can be hardly described as safe: a quick pass with afl (and probably with any other competent fuzzer) quickly reveals a range of troubling and likely exploitable out-of-bounds crashes due to very limited range checking

    (tags: strings libbfd gnu security fuzzing buffer-overflows)