View Issue Details

IDProjectCategoryView StatusLast Update
0000065file[All Projects] Generalpublic2019-02-19 13:18
ReporterspinpxAssigned Tochristos 
PriorityurgentSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Platformx86_64OSDebianOS Version10
Product Version5.35 
Target VersionFixed in Version5.36 
Summary0000065: Possible stack corruption
DescriptionWe build file with `--disable-libseccomp` by clang 4.0.0.
We ran the program with the input we provide without any other arguments.

The bugs exists in file 5.35.

Stack:
Program received signal SIGSEGV, Segmentation fault.
"#0 0x000000000043e271 in do_core_note (ms=<optimized out>, nbuf=<optimized out>, type=<optimized out>, swap=<optimized out>, namesz=<optimized out>, descsz=<optimized out>, noff=<optimized out>, doff=<optimized out>, flags=<optimized out>, size=<optimized out>, clazz=<optimized out>) at /mnt/raid/user/chenpeng/FuzzingBench/file/file/src/readelf.c:770",
0000001 donote (ms=<optimized out>, vbuf=<optimized out>, offset=3452, size=<optimized out>, clazz=<optimized out>, swap=<optimized out>, align=<optimized out>, flags=<optimized out>, notecount=<optimized out>, fd=<optimized out>, ph_off=<optimized out>, ph_num=<optimized out>, fsize=<optimized out>) at /mnt/raid/user/chenpeng/FuzzingBench/file/file/src/readelf.c:1194
0000002 0x0000000400001000 in ?? ()
0000003 0x080490a4000000a4 in ?? ()
0000004 0x00bbeaebd9000000 in ?? ()
0000005 0x00200001b8000000 in ?? ()
0000006 0x0d1263aa87c56e01 in ?? ()
0000007 0x2e8ca4eef0bf9884 in ?? ()
0000008 0xf8be17bd0299a906 in ?? ()
#9 0x4fcacce3342026ed in ?? ()
0000010 0x0000000100000012 in ?? ()
0000011 0x4274654e00000001 in ?? ()
0000012 0xcc45524f432d4453 in ?? ()
0000013 0x00008990ba88a2ca in ?? ()
0000014 0x80e700000004b800 in ?? ()
0000015 0x00000000002058eb in ?? ()
0000016 0x0000000000000000 in ?? ()

We run exploitable:
Description: Possible stack corruption
Short description: PossibleStackCorruption (7/22)
Hash: 457b692b06cd893f7646681b5874c47e.57ada0a7199ae15ca6cc5f54cdbeaa99
Exploitability Classification: EXPLOITABLE
Explanation: GDB generated an error while unwinding the stack and/or the stack contained return addresses that were not mapped in the inferior's process address space and/or the stack pointer is pointing to a location outside the default stack region. These conditions likely indicate stack corruption, which is generally considered exploitable.
Other tags: AccessViolation (21/22)
Steps To Reproducerun:
# file stack_corruption1
TagsNo tags attached.

Activities

spinpx

2019-02-18 08:53

reporter  

stack_corruption1 (10,498 bytes)
stack_corruption1 (10,498 bytes)

christos

2019-02-18 18:07

manager   ~0003214

I think this is the same as the other note ones. Can you please try to see if the fix for PR/63 fixed it?

spinpx

2019-02-19 08:16

reporter   ~0003218

CVE-2019-8907
I verified it with newest git version. It fixed now!

Issue History

Date Modified Username Field Change
2019-02-18 08:53 spinpx New Issue
2019-02-18 08:53 spinpx File Added: stack_corruption1
2019-02-18 18:06 christos Assigned To => christos
2019-02-18 18:06 christos Status new => assigned
2019-02-18 18:07 christos Status assigned => feedback
2019-02-18 18:07 christos Note Added: 0003214
2019-02-19 08:16 spinpx Note Added: 0003218
2019-02-19 08:16 spinpx Status feedback => assigned
2019-02-19 13:18 christos Status assigned => resolved
2019-02-19 13:18 christos Resolution open => fixed
2019-02-19 13:18 christos Fixed in Version => 5.36