This evil file cannot be scanned with the strings command:

[EMAIL PROTECTED]:/research# strings evil
Violación de segmento
[EMAIL PROTECTED]:/research# cat evil
%253Cc%253Cc%253Cc%253Cc%253Cc%253Cc%253Cc
[EMAIL PROTECTED]:/research#

(gdb) r evil
Starting program: /usr/bin/strings evil
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)

Program received signal SIGSEGV, Segmentation fault.
0xb7e9ecbd in bfd_hash_lookup () from /usr/lib/libbfd-2.16.1.so
(gdb)

The problem is in bfd_hash_lookup from the libbfd-2.16.1.so library, at this snippet of code:

   1fcb1:  c1 ef 02     shr    $0x2,%edi
   1fcb4:  31 c7        xor    %eax,%edi
   1fcb6:  89 f8        mov    %edi,%eax
   1fcb8:  8b 4d 08     mov    0x8(%ebp),%ecx
   1fcbb:  31 d2        xor    %edx,%edx
   1fcbd:  f7 71 04     divl   0x4(%ecx)    <--SIGSEGV with %253Cc%AAAAA%AAAAA%AAAAA%AAAAA%AAAAA%AAAAA
   1fcc0:  01 d2        add    %edx,%edx
   1fcc2:  01 d2        add    %edx,%edx
   1fcc4:  89 55 e0     mov    %edx,0xffffffe0(%ebp)

With %253Cc, ecx gets the value 0x54, and it cannot access this address.

It seems it is not exploitable.

Ubuntu: Linux jolmos 2.6.12-9-386 #1 Mon Oct 10 13:14:36 BST 2005 i686 GNU/Linux

I have tested on other kernels and the result is the same.

Jesús Olmos Gonzalez
Internet Security Auditors
www.isecauditors.com

--
           Summary: SIGSEGV in strings tool when the file is crafted.
           Product: binutils
           Version: 2.16
            Status: NEW
          Severity: normal
          Priority: P2
         Component: binutils
        AssignedTo: unassigned at sources dot redhat dot com
        ReportedBy: jolmos at isecauditors dot com
                CC: bug-binutils at gnu dot org
GCC target triplet: strings and libbfd-2.16.1.so

http://sourceware.org/bugzilla/show_bug.cgi?id=2584
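
Added example, not part of the original report or of binutils: a small POSIX shell triage helper that runs a tool against a suspect file and reports whether it exited cleanly, failed, or was killed by a signal such as the SIGSEGV shown in the gdb session above. The function names `classify_status` and `triage` are hypothetical, and the crafted file is assumed to be saved locally under the name used in the report (`evil`).

```shell
#!/bin/sh
# Added example (hypothetical helper names, not binutils code).
# Purpose: confirm or rule out a crash-on-parse regression, such as the
# strings/libbfd SIGSEGV in this report, without attaching a debugger.

# Map a shell exit status to a verdict.
# A shell reports "child killed by signal N" as status 128+N.
classify_status() {
    status=$1
    if [ "$status" -eq 0 ]; then
        echo "ok"
    elif [ "$status" -eq 126 ] || [ "$status" -eq 127 ]; then
        # 126 = found but not executable, 127 = command not found
        echo "not-run:$status"
    elif [ "$status" -gt 128 ] && [ "$status" -le 192 ]; then
        sig=$((status - 128))
        # kill -l N prints the signal name without the SIG prefix.
        # Caveat: a program can also exit with a value above 128 itself,
        # so treat this verdict as a strong hint, not proof.
        echo "crash:SIG$(kill -l "$sig" 2>/dev/null || echo "$sig")"
    else
        echo "error:$status"
    fi
}

# triage FILE CMD [ARGS...]
# Runs CMD ARGS FILE in a subshell with core dumps disabled and all
# output discarded, then prints the verdict for its exit status.
triage() {
    file=$1
    shift
    [ -r "$file" ] || { echo "unreadable"; return 0; }
    status=0
    # "|| status=$?" keeps the helper usable under "set -e".
    ( ulimit -c 0; "$@" "$file" >/dev/null 2>&1 ) || status=$?
    classify_status "$status"
}

# Stand-alone use: sh triage.sh ./evil
if [ "$#" -ge 1 ]; then
    echo "strings on $1: $(triage "$1" strings)"
fi
```

On a build affected by the behaviour reported above, the verdict for the crafted file would be `crash:SIGSEGV`; a fixed build should report `ok`.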