Full Disclosure mailing list archives
Re: FuzzDiff tool
From: Dan Rosenberg <drosenberg () vsecurity com>
Date: Tue, 17 Aug 2010 09:54:15 -0400
Henri,
You have a temporary file vulnerability in FuzzDiff (5b6b5c6c22c1103b4169b9fe6e7bfbc3 c0ce0235f8f0026988c60a3217233c36d829ecdf). Maybe you want to use this module: http://docs.python.org/library/tempfile.html
This is a good example of the difference between a quick and dirty script for accomplishing a simple task and a piece of production-ready software. FuzzDiff belongs to the first category. I'm well aware of what constitutes safe vs. unsafe temporary file usage, and I'll admit that FuzzDiff does not use temporary files safely by default. I would wager a guess that most homegrown scripts designed for personal use aren't especially concerned with such things. Seeing as there are a number of parameters to tune in the script, I assumed that if you're running this on a production system with multiple users (why?!?!) you would simply change the path of the temporary file to one within your home folder, for example. Calling unsafe temporary file usage in a script like this a "vulnerability" may be a bit of a stretch. On the other hand, it couldn't hurt to fix it, so I did.
Please open a bug tracker for FuzzDiff and put the program under some version control software.
FuzzDiff is now hosted on Google Code at: http://code.google.com/p/fuzzdiff/ Feel free to file bugs or feature requests there. The temporary file usage is fixed. Ok, sure, if you have a world-writable /tmp directory without a sticky bit, it may still be vulnerable. Let's not get nit-picky here. Thanks, Dan
Best regards, Henri Salo
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
On Tue, Aug 17, 2010 at 9:05 AM, Henri Salo <henri () nerv fi> wrote:
On Mon, 26 Jul 2010 16:53:28 -0400 Dan Rosenberg <drosenberg () vsecurity com> wrote:
Hello, I'd like to announce FuzzDiff, a simple tool to help make crash analysis during file format fuzzing a bit easier. I'm sure many people have written similar tools for their own purposes, but I haven't seen any that are publicly available. Hopefully at least one person finds it useful.
When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targeted program, FuzzDiff will selectively "un-fuzz" portions of the fuzzed file while re-launching the application to monitor for crashes. This will yield a file that still crashes the target application, but contains a minimum set of changes from the original, un-fuzzed file. This can be useful in pinning down the exact cause of a crash.
The tool is written in Python and currently only works on Unix-based systems, since it monitors for crashes by checking for SIGSEGV. It also assumes that the target program adheres to the syntax "[program] [args] [input file]". Both of these limitations can be easily worked around. The code is hardly what I'd call production-ready, but it gets the job done.
The tool is available at: http://vsecurity.com/resources/tool
Happy hacking, Dan Rosenberg
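An added example, not FuzzDiff's own code and not anything posted in the thread: the predictable-path pattern Henri objected to, beside the tempfile.mkstemp fix he suggests, plus the sticky-bit check Dan's "world-writable /tmp" caveat calls for. SAMPLE_CANDIDATE and every function name are constructed here; the code assumes a Unix host, as FuzzDiff itself does.

```python
import os, stat, tempfile

# Constructed sample standing in for a fuzzed candidate file that a
# FuzzDiff-style minimiser writes out and hands to the target program.
SAMPLE_CANDIDATE = b"\x89PNG\r\n\x1a\n" + b"\xff" * 16

def write_candidate_unsafe(data, path="/tmp/fuzzdiff.tmp"):
    """The pattern Henri objected to: a fixed, predictable name in a shared
    directory, so whoever creates that name first decides what the write hits.
    Shown for contrast only; not called by demo()."""
    with open(path, "wb") as f:
        f.write(data)
    return path

def temp_dir_is_safe(directory):
    """Dan's caveat as a check: a world-writable temp directory is acceptable
    only with the sticky bit set, so users cannot rename/unlink others' files."""
    st = os.stat(directory)
    if not stat.S_ISDIR(st.st_mode):
        return False
    return bool(st.st_mode & stat.S_ISVTX) or not (st.st_mode & stat.S_IWOTH)

def write_candidate_safe(data, directory=None):
    """Hardened form via the tempfile module: mkstemp creates a fresh, randomly
    named file with O_CREAT|O_EXCL and mode 0600, so a pre-planted file or
    symlink makes the call fail instead of being followed."""
    directory = directory or tempfile.gettempdir()
    if not temp_dir_is_safe(directory):
        raise RuntimeError("%s is world-writable without a sticky bit" % directory)
    fd, path = tempfile.mkstemp(prefix="fuzzdiff-", suffix=".bin", dir=directory)
    with os.fdopen(fd, "wb") as f:  # keep mkstemp's fd; never re-open by name
        f.write(data)
    return path

def candidate_is_private(path):
    """Check before handing the path to the target: regular file (lstat, so a
    symlink fails), owned by us, no group/other permission bits."""
    st = os.lstat(path)
    return (stat.S_ISREG(st.st_mode) and st.st_uid == os.getuid()
            and (st.st_mode & 0o077) == 0)

def demo():
    """Exercise the checks; returns (good_dir_ok, bad_dir_ok, private, data)."""
    good = tempfile.mkdtemp(prefix="fuzzdiff-demo-")
    bad = tempfile.mkdtemp(prefix="fuzzdiff-bad-")
    os.chmod(bad, 0o777)  # world-writable with the sticky bit deliberately absent
    path = write_candidate_safe(SAMPLE_CANDIDATE, good)
    with open(path, "rb") as f:
        data = f.read()
    return temp_dir_is_safe(good), temp_dir_is_safe(bad), candidate_is_private(path), data
```

demo() leaves its two scratch directories behind so the resulting modes can be inspected with ls -ld.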