30 Dec, by pi3

This will be a very short post… A few months ago I found a security vulnerability in one of the Apache servers/modules. I contacted the Apache security team. In a few days I will decide about the “future” of this bug – publish, or wait for the security patch and publish after it. For now I can paste here simple output from gdb:

Program received signal SIGSEGV, Segmentation fault.
0x0000003fec682958 in memcpy () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install expat-2.0.1-6.fc11.1.x86_64 
glibc-2.10.1-5.x86_64 nss-softokn-freebl-3.12.4-3.fc11.x86_64
(gdb) bt
#0  0x0000003fec682958 in memcpy () from /lib64/libc.so.6
#1  0x000000000043083c in inet_addr ()
#2  0x000000000042a796 in inet_addr ()
#3  0x000000000042975f in inet_addr ()
#4  0x000000000041d8f5 in inet_addr ()
#5  0x0000000000432a29 in inet_addr ()
#6  0x000000000044bc88 in inet_addr ()
#7  0x000000000044bceb in inet_addr ()
#8  0x0000000000441344 in inet_addr ()
#9  0x0000000000441521 in inet_addr ()
#10 0x00000000004416a7 in inet_addr ()
#11 0x0000000000441f5f in inet_addr ()
#12 0x0000000000442820 in inet_addr ()
#13 0x0000003fec61ea2d in __libc_start_main () from /lib64/libc.so.6
#14 0x0000000000403399 in inet_addr ()
#15 0x00007fffffffe618 in ?? ()
#16 0x000000000000001c in ?? ()
#17 0x0000000000000002 in ?? ()
#18 0x00007fffffffe87d in ?? ()
#19 0x00007fffffffe899 in ?? ()
#20 0x0000000000000000 in ?? ()

Best regards,

Adam Zabrocki

15 Dec, by pi3

More than a year ago I published an advisory for the ‘mtr’ software. Personally, I think it is a great bug because it can’t exist without an unspecified situation in the libresolv library 🙂 The question is: why am I writing about it on the blog?

I forgot to add this advisory to my site (sic!) 🙂 Now it’s OK and you can find this advisory here.

I attached details and a Proof of Concept to this advisory. If you haven’t read it yet, I strongly recommend that you do, because it shows that sometimes when we read source code we think a bug doesn’t exist, but sometimes other external stuff/bugs/unspecified situations help us to trigger and exploit a non-existing bug 🙂

Here is the link – once again:
http://site.pi3.com.pl/adv/advisory-libresolv-mtr.txt

Btw. In the future I want to continue research on CPU bugs, and it will probably lead to news posts on this topic 🙂

Best regards,

Adam Zabrocki

Is it a dream? Impossible? Bugs in CPUs? No… it’s reality! A CPU is only a piece of hardware. Everything has bugs… CPUs too. I will give here only a piece of information about bugs in Intel products…


OK. I haven’t written on the blog for a long time. Today I want to show you what yum can sometimes do without your knowledge. A few days ago I was upgrading one of the systems using yum. Everything looked fine. I was happy that sometimes yum is useful. After work I went to sleep, and the next day I received messages that something is fu** up with www…
