lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <707766130610231746w11682f23u35b562a211446f8d@mail.gmail.com>
Date: Tue, 24 Oct 2006 02:46:32 +0200
From: L.M.H. <lmh@...o-pull.com>
To: dailydave@...ts.immunitysec.com,
	full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Month of Kernel Bugs and fsfuzzer release (0.6)

Hi,

Back in March of this year, I was working on fuzzing-related code,
mostly about kernel-land testing (ex. filesystem code). I gave the
initial code of a tool to a Red Hat employee in charge of QA related
tasks (after showing some issues in iso9660 and jfs). During the next
months the code was subject of cosmetic changes, and he added some
improvements (split the test procedure in another file, added gfs and
hfs support, improved usability).

Few days ago the interest suddenly raised as he found out that nearly
all the filesystems supported in the latest Linux kernel revision are
affected by one or more issues (at very least, a denial of service
concerning a specific operation such as read, write, etc, normally
causing a so-called softlock-up/oops or a hardlock/panic/fs
corruption).

Another Red Hat employee, excited about the tool, 'leaked' the URL to
the LKML [2][3] (even if code was available in a publicly accessible
repository it wasn't being distributed actively). As usual, it didn't
bother much the people there ;-)

I had interest on tracking down the issues found with the tool, not
just for curiosity. The feeling about 'silent patches' [1] became
stronger when I realized that there was no intention for doing this
publicly by other parties (cough). This is sadly, a common practice
everywhere.

Thanks to this and some other goodies, The Month of Kernel Bugs will
start on 1st November, and will be announced this next Monday (30
Oct). I'm looking for other people interested on providing bugs for
XNU (also for the "good old" Darwin), win32, *BSD, etc. If you
want to contribute, drop me a line. Please note that only 'fresh',
unknown bugs will be accepted, and submissions should be briefly
documented. The goal is disclosing a kernel bug (DoS, privilege
escalation, whatever interesting) on a daily basis for November.

Watch out for silent patches in the git repositories, obscured
bugzilla entries and the usual FUD. It doesn't hurt to get ready for
the usual madness. Note that 'silent' doesn't necessarily mean
'covered up'. But just improperly described/not considered a security
issue.

Anyway, regarding the tool, these are the filesystems currently
supported (depends on the packages you have installed in the system
but these are all the supported ones right now, as of 0.6):
[root@...oravm fsfuzzer-0.6-lmh]# ./fsfuzz --help
./fsfuzz (ext3|ext2|vfat|msdos|swap|squashfs|xfs|hfs|gfs2|ntfs|reiserfs|jffs2|iso9660|cramfs|
jfs|minix|bfs)

Tarball available at: http://projects.info-pull.com/mokb/fsfuzzer-0.6-lmh.tgz
And today's partial bugs list:
http://projects.info-pull.com/mokb/fs-bugs-23-10-2006.txt.asc
Key will be made available after November. This is for verification
purposes. Hopefully they will still work by that time, so it shouldn't
be necessary.

Usual disclaimer applies. If you sell or get money from a bug found
with this tool, shame on you ;-). Also, most of the bugs you can
actually find with it are already known, but it's always nice to hear
about new details (and if you've ported it to some other platform,
better). You're more than welcome to send them. They will be
considered for release in the MoKB, crediting accordingly.

Kind regards.

[1]: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209907
[2]: http://www.ussg.iu.edu/hypermail/linux/kernel/0610.2/1941.html
[3]: http://www.ussg.iu.edu/hypermail/linux/kernel/0610.2/2169.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ