From: "ptestpage32 at gmail dot com" <sourceware-bugzilla@sourceware.org>
To: elfutils-devel@sourceware.org
Subject: [Bug tools/23787] eu-size: Bad handling of ar files inside are files
Date: Wed, 01 Apr 2020 13:09:53 +0000
Message-ID: <bug-23787-10460-aeuFd7pPti@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-23787-10460@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=23787
--- Comment #18 from Steven Smith <ptestpage32 at gmail dot com> ---
If you want to log in to the Linksys router you can log in with
https://mywifiextnets.net/linksys-default-password/ and set up your router.
(In reply to Mark Wielaard from comment #4)
> For reference this was assigned CVE-2018-18520.
>
> Note that the description of the CVE is misleading.
> The bug is in eu-size, not in libelf elf_end.
If you want to log in to the Linksys router you can log in with
https://mywifiextnets.net/linksys-default-password/ and set up your router.
(In reply to wcventure from comment #0)
> Created attachment 11338 [details]
> POC1
>
> Hi,
>
> Our fuzzer found an Invalid Address Dereference problem in function elf_end in
> libelf in the latest elfutils-0.174 code base. I have confirmed them with
> Address Sanitizer, too.
>
> The function elf_end is called by size.c. Here are the POC files. Please use
> " ./eu-size $POC " to reproduce this bug.
>
> The ASAN dumps the stack trace as follows:
> ASAN:DEADLYSIGNAL
> =================================================================
> ==21938==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc
> 0x7f1a0efb3cd6 bp 0x7ffd04b5dc40 sp 0x7ffd04b5db50 T0)
> ==21938==The signal is caused by a READ memory access.
> ==21938==Hint: address points to the zero page.
> #0 0x7f1a0efb3cd5 in elf_end
> (/usr/lib/x86_64-linux-gnu/libelf.so.1+0x4cd5)
> #1 0x405aa2 in handle_ar
> /media/hjwang/01D3344861A8D2E0/wcventure/Project/elfutils/src/size.c:373
> #2 0x401c7a in process_file
> /media/hjwang/01D3344861A8D2E0/wcventure/Project/elfutils/src/size.c:294
> #3 0x401c7a in main
> /media/hjwang/01D3344861A8D2E0/wcventure/Project/elfutils/src/size.c:186
> #4 0x7f1a0ec0582f in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
> #5 0x4029f8 in _start
> (/media/hjwang/01D3344861A8D2E0/wcventure/Project/elfutils/build/bin/eu-
> size+0x4029f8)
>
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV
> (/usr/lib/x86_64-linux-gnu/libelf.so.1+0x4cd5) in elf_end
> ==21938==ABORTING
> Aborted
https://printertestpage.co/ is the site which is available 24hrs for
troubleshooting your printer.
--
You are receiving this mail because:
You are on the CC list for the bug.