Results of environment variable fuzzing Debian 5.05 SUID/SGIDs
I environment variable fuzzed the Debian 5.05 repository consisting of the following binaries:
https://github.com/silviocesare/Automated-Audits/blob/master/Debian5.05/EnvironmentVariableFuzzing/05-01-2011/PrivilegedProgramList
This is roughly most but not quite all SUID/SGID programs in Debian. There were some package conflicts which meant I didn't get complete automated coverage of the repository.
I used the public sharefuzz tool which tries using long environment variables to trigger buffer overflows. I had three crashes and reported bugs for each:
toppler http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608979
lbreakout2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608980
zhcon http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608981
Any followup comments should CC me.
--
Silvio Cesare
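
The following is an added illustration, not part of the original post and not code from sharefuzz or from any of the three reported programs. It shows the generic pattern that long-environment-variable fuzzing exercises, next to a length-checked form; the buffer size and all function names are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 256   /* constructed size, for illustration only */

/* Unsafe pattern, shown for contrast and never called here: the value's
 * length is set by whoever launched the program, the buffer's is not. */
void config_dir_unsafe(char out[PATH_BUF]) {
    const char *home = getenv("HOME");
    if (home)
        strcpy(out, home);              /* no length check */
}

/* Hardened core: measure first, and reject an over-long value rather than
 * silently truncating it. Returns 0 on success, -1 if unset, -2 if too long. */
int copy_checked(const char *val, char *out, size_t outlen) {
    if (val == NULL) return -1;
    size_t n = strlen(val);
    if (n >= outlen) return -2;
    memcpy(out, val, n + 1);            /* n + 1 copies the NUL */
    return 0;
}

/* Wrapper a privileged program would call instead of getenv + strcpy. */
int env_copy_checked(const char *name, char *out, size_t outlen) {
    return copy_checked(getenv(name), out, outlen);
}

/* Feeds the check a value of the given length, as a long-value fuzzer would. */
int check_value_of_length(size_t len) {
    char out[PATH_BUF];
    char *val = malloc(len + 1);
    if (!val) return -3;
    memset(val, 'A', len);
    val[len] = '\0';
    int rc = copy_checked(val, out, sizeof out);
    free(val);
    return rc;
}

int main(void) {
    char out[PATH_BUF];
    printf("255 bytes  -> %d\n", check_value_of_length(PATH_BUF - 1));
    printf("256 bytes  -> %d\n", check_value_of_length(PATH_BUF));
    printf("8192 bytes -> %d\n", check_value_of_length(8192));
    printf("$HOME      -> %d\n", env_copy_checked("HOME", out, sizeof out));
    return 0;
}
```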