
[platform-testers] wget and libbfd vulnerabilities


From: Nelson H. F. Beebe
Subject: [platform-testers] wget and libbfd vulnerabilities
Date: Thu, 30 Oct 2014 17:06:51 -0600 (MDT)

Just in case some of you haven't seen it, this snippet appeared today
on the SANS security list:

>> ...
>> Title: GNU wget FTP Symlink Arbitrary Filesystem Access Vulnerability
>>
>> Description: GNU Wget versions prior to 1.16 are vulnerable to a symlink
>> attack (CVE-2014-4877) when running in recursive mode with an FTP
>> target.  This vulnerability allows an attacker operating a malicious
>> FTP server to create arbitrary files, directories, and symlinks on the
>> user's filesystem.
>>
>> Reference:
>> https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access
>>
>> Snort SID: Detection Pending
>>
>> Title: Running "strings" on Untrusted File is a Security Hazard 
>> (CVE-2014-8485)
>>
>> Description: The strings utility on Linux leverages the common libbfd
>> infrastructure to detect supported executable formats and "optimize"
>> the process by extracting text only from specific sections of the
>> file.  However, the libbfd library has been discovered to contain very
>> limited range checking indicating it is likely vulnerable to exploit.
>> Reference:
>> http://lcamtuf.blogspot.com/2014/10/psa-dont-run-strings-on-untrusted-files.html
>> ...

Some of these issues might have been exposed by the old technique of
fuzz testing: see entries Miller:1990:ESR, Miller:1995:FRR, and
Miller:2006:ESR in

        http://www.math.utah.edu/pub/tex/bib/unix.bib
        http://www.math.utah.edu/pub/tex/bib/unix.html

Also, the new GNU gcc compiler family version 5.00 which appeared
first on 17-Aug-2014, and in weekly snapshots since then, contains a
new -fsanitize option family with 23 suboptions that may be helpful in
exposing such problems.  

In our test lab with about 40 flavors of Unix, none of their vendors
yet supplies a gcc-5.x compiler in the standard binary releases, but
over the past couple of weeks, I've successfully built one or more 5.x
snapshots on at least these flavors:

        Debian 6.0, 7.7 (x86-64)
        DragonFlyBSD 3.6, 3.8, 3.9 (x86-64)
        Fedora 20 (x86, x86-64)
        Gentoo 2.1 (Alpha)
        Red Hat 5, 6, 7 (x86, x86-64, IA-64)
        Slackware 14 (x86-64)
        Solaris 10 (SPARC)

I've made many attempts on other flavors, but so far, all have failed.

It should be possible for me to offer prebuilt binary distributions of
gcc-5.x (with compilers for C, C++, Fortran, and sometimes Ada, Go,
Java, and Objective-C) for some of those systems; contact me off-list if
you are interested, or want more info about the gcc build
configurations.

-------------------------------------------------------------------------------
- Nelson H. F. Beebe                    Tel: +1 801 581 5254                  -
- University of Utah                    FAX: +1 801 581 4148                  -
- Department of Mathematics, 110 LCB    Internet e-mail: address@hidden  -
- 155 S 1400 E RM 233                       address@hidden  address@hidden -
- Salt Lake City, UT 84112-0090, USA    URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------
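
Added example, not part of the original message and not libbfd code: the kind of range check the quoted advisory says is too limited, applied to a section descriptor before any bytes are read. The toy descriptor layout, the function names and the sample buffer are all constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy section descriptor; NOT libbfd's structures. */
struct toy_section { uint32_t offset; uint32_t size; };

/* Overflow-safe range check: never compute offset + size, which can wrap. */
static int section_in_bounds(size_t file_len, const struct toy_section *s)
{
    if (s->offset > file_len) return 0;
    return s->size <= file_len - s->offset;
}

/* Naive check shown for contrast: the 32-bit sum wraps for huge sizes. */
static int naive_in_bounds(size_t file_len, const struct toy_section *s)
{
    uint32_t end = s->offset + s->size;   /* wraps modulo 2^32 */
    return end <= file_len;
}

/* Count printable runs of >= 4 bytes inside one section, or return -1
   if the descriptor points outside the file. */
static int count_strings(const uint8_t *file, size_t file_len,
                         const struct toy_section *s)
{
    if (!section_in_bounds(file_len, s)) return -1;
    int runs = 0; size_t run = 0;
    for (size_t i = 0; i < s->size; i++) {
        if (isprint(file[s->offset + i])) {
            if (++run == 4) runs++;
        } else run = 0;
    }
    return runs;
}

/* Constructed sample "file": 19 bytes, printable runs separated by NULs. */
static const uint8_t sample[] = "\0\0hello\0ab\0world!\0";

int main(void)
{
    struct toy_section ok  = { 2, 16 };
    struct toy_section bad = { 8, 0xFFFFFFFFu };  /* 8 + size wraps to 7 */
    printf("ok=%d bad=%d naive_accepts_bad=%d\n",
           count_strings(sample, sizeof sample, &ok),
           count_strings(sample, sizeof sample, &bad),
           naive_in_bounds(sizeof sample, &bad));
    return 0;
}
```

A parser that relied on the naive check would read past the buffer for the second descriptor; building with gcc's -fsanitize=address is one way to surface such a read during testing.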


