Re: Results of environment variable fuzzing Debian 5.05 SUID/SGIDs

[Kees de Jong <keesdejong@gmail.com>]

Sorry Silvio,


I don't quite follow your endeavor. Could you enlighten me (us) a bit more? Why are you doing this? And what benefit does this information serve us?



--
Kind regards,
Kees de Jong

De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is uitsluitend bestemd voor de geadresseerde(n).
Indien u dit bericht onterecht ontvangt, wordt u verzocht de inhoud niet te gebruiken en de afzender direct te informeren door het bericht te retourneren.
--
The information contained in this message may be confidential and is intended to be exclusively for the addressee(s).
Should you receive this message unintentionally, please do not use the contents herein and notify the sender immediately by return e-mail.

On Tue, Jan 18, 2011 at 03:49, Silvio Cesare <silvio.cesare@gmail.com> wrote:

I environment variable fuzzed the Debian 5.05 repository consisting of the following binaries:

https://github.com/silviocesare/Automated-Audits/blob/master/Debian5.05/EnvironmentVariableFuzzing/05-01-2011/PrivilegedProgramList

This is roughly most but not quite all SUID/SGID programs in Debian. There were some package conflicts which meant I didn't get complete automated coverage of the repository.

I used the public sharefuzz tool which tries using long environment variables to trigger buffer overflows. I had three crashes and reported bugs for each:

toppler http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608979
lbreakout2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608980
zhcon http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608981

Any followup comments should CC me.

--
Silvio Cesare