[Bug tools/23787] eu-size: Bad handling of ar files inside ar files

ptestpage32 at gmail dot com sourceware-bugzilla@sourceware.org
Wed Apr 1 13:09:53 GMT 2020


https://sourceware.org/bugzilla/show_bug.cgi?id=23787

--- Comment #18 from Steven Smith <ptestpage32 at gmail dot com> ---
(In reply to Mark Wielaard from comment #4)
> For reference this was assigned CVE-2018-18520.
> 
> Note that the description of the CVE is misleading.
> The bug is in eu-size, not in libelf elf_end.

(In reply to wcventure from comment #0)
> Created attachment 11338 [details]
> POC1
> 
> Hi,
> 
> Our fuzzer found an Invalid Address Dereference problem in function elf_end in
> libelf in the latest elfutils-0.174 code base. I have confirmed them with
> Address Sanitizer, too.
> 
> The function elf_end is called by size.c. Here are the POC files. Please use
> " ./eu-size $POC " to reproduce this bug. 
> 
> The ASAN dumps the stack trace as follows:
> ASAN:DEADLYSIGNAL
> =================================================================
> ==21938==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7f1a0efb3cd6 bp 0x7ffd04b5dc40 sp 0x7ffd04b5db50 T0)
> ==21938==The signal is caused by a READ memory access.
> ==21938==Hint: address points to the zero page.
>     #0 0x7f1a0efb3cd5 in elf_end (/usr/lib/x86_64-linux-gnu/libelf.so.1+0x4cd5)
>     #1 0x405aa2 in handle_ar /media/hjwang/01D3344861A8D2E0/wcventure/Project/elfutils/src/size.c:373
>     #2 0x401c7a in process_file /media/hjwang/01D3344861A8D2E0/wcventure/Project/elfutils/src/size.c:294
>     #3 0x401c7a in main /media/hjwang/01D3344861A8D2E0/wcventure/Project/elfutils/src/size.c:186
>     #4 0x7f1a0ec0582f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
>     #5 0x4029f8 in _start (/media/hjwang/01D3344861A8D2E0/wcventure/Project/elfutils/build/bin/eu-size+0x4029f8)
> 
> AddressSanitizer can not provide additional info.
> SUMMARY: AddressSanitizer: SEGV (/usr/lib/x86_64-linux-gnu/libelf.so.1+0x4cd5) in elf_end
> ==21938==ABORTING
> Aborted
