wiki.libav.org
Security/Tools
https://wiki.libav.org/Security/Tools
Libav contains numerous bugs. Many have already been fixed, some remain - and occasionally, one reappears. Complex code has plenty of corner cases, and many of them can lead to memory corruption and crashes, infinite loops and memory leaks. Fortunately, there are a variety of useful tools available to catch them. Consider using Libav in a sandbox. The Libav build system provides built-in support for most of the instrumentation tools described below. Those tools let you run unmodified... Has problems trackin...
blog.fuzzing-project.org
Out of bounds heap bugs in glib, heap buffer overflow in gnome-session | The Fuzzing Project
https://blog.fuzzing-project.org/53-Out-of-bounds-heap-bugs-in-glib,-heap-buffer-overflow-in-gnome-session.html
Back to main page. Out of bounds heap bugs in glib, heap buffer overflow in gnome-session. Posted by Hanno Böck. Friday, September 16. 2016. By testing GNOME-related packages with Address Sanitizer I recently discovered several trivial-to-find bugs. I strongly recommend that GNOME and other software communities use Address Sanitizer testing in order to improve the quality of their software. Out of bounds read in g_unichar_iswide_bsearch() / glib. Fixed in 2.48.2. Fixed in 2.48.0. To prevent automated...
blog.fuzzing-project.org
dosfstools / fsck.vfat: Several invalid memory accesses | The Fuzzing Project
https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html
Back to main page. dosfstools / fsck.vfat: Several invalid memory accesses. Posted by Hanno Böck. Sunday, May 8. 2016. I lately fuzzed various filesystem check tools. This uncovered a number of issues in dosfstools / fsck.fat that have now been fixed in the new version 4.0. All issues were found with american fuzzy lop and address sanitizer. Global out of bounds read in file_stat() / check_dir(). Git commit / fix. Unclear invalid memory access in get_fat(). Git commit / fix. Heap overflow in read_fat().
blog.hboeck.de
Gentoo - Hanno's blog
https://blog.hboeck.de/categories/11-Gentoo
Tuesday, January 26. 2016. Safer use of C code - running Gentoo with Address Sanitizer. When I wrote this blog post it was an open question for me whether using Address Sanitizer in production is a good idea. A recent analysis posted on the oss-security mailing list... Address Sanitizer is mainly intended to be a debugging tool. It is usually used to test single applications, often in combination with fuzzing. But as Address Sanitizer can prevent many typical C security bugs - why not use it in pro... It do...
code.kindservice.net
Lecture 6 – Coding for sharing
http://code.kindservice.net/2015/11/08/lecture-6
XSS Cross-site Scripting and XSRF. Design and Build Secure Software. Cross site scripting attacks (XSS), cookie session ID stealing. Contract, interface, abstract class. Case Study: Consuming SOAP Web service (http://www.w3schools.com/webservices/tempconvert.asmx) in Android Example. On WordPress Resources at SiteGround. Week 6 Help Center. This week, we look at the broader practice of... Penetration Testing: Techniques and Tools. From an...
blog.hboeck.de
Code - Hanno's blog
https://blog.hboeck.de/categories/20-Code
Tuesday, January 26. 2016. Safer use of C code - running Gentoo with Address Sanitizer. When I wrote this blog post it was an open question for me whether using Address Sanitizer in production is a good idea. A recent analysis posted on the oss-security mailing list... Address Sanitizer is mainly intended to be a debugging tool. It is usually used to test single applications, often in combination with fuzzing. But as Address Sanitizer can prevent many typical C security bugs - why not use it in pro... It do...
blog.fuzzing-project.org
Many invalid memory access issues in libarchive | The Fuzzing Project
https://blog.fuzzing-project.org/47-Many-invalid-memory-access-issues-in-libarchive.html
Back to main page. Many invalid memory access issues in libarchive. Posted by Hanno Böck. Friday, June 17. 2016. Libarchive version 3.2.0 (released on April 30th) fixed a large number of memory access bugs that I reported to them a while ago. All issues (except the test suite failure) were found with the help of american fuzzy lop and either address sanitizer or undefined behavior sanitizer. Unclear invalid memory read in CPIO parser. Null pointer access in RAR parser. Null pointer access in CAB parser.
blog.fuzzing-project.org
Fun with Bignums: Crashing MatrixSSL and more | The Fuzzing Project
https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html
Back to main page. Fun with Bignums: Crashing MatrixSSL and more. Posted by Hanno Böck. Sunday, July 31. 2016. If you've been following my fuzzing work you will be aware that I've fuzzed various bignum libraries and found several bugs by comparing implementations against each other. I recently had a look at MatrixSSL's modular exponentiation function, for reasons I'll explain later. I wrote a wrapper, similar to previous experiments, comparing its result to OpenSSL. Both values crash the MatrixSSL se...
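The differential approach the post describes (run the same modular exponentiation through two implementations and treat any disagreement as a bug) is shown below as an added example; it is not the post's MatrixSSL/OpenSSL wrapper. Python's built-in pow() stands in for the trusted reference, a hand-written square-and-multiply plays the implementation under test, and a constructed faulty variant shows the kind of edge-case divergence (modulus 1, exponent 0) such a harness catches.

```python
"""Differential testing of modular exponentiation (added example).

Reference: Python's pow(b, e, m). Under test: modexp() below. The
edge-case generator targets values that historically trip bignum code:
0, 1, values at a limb boundary, and a modulus of 1.
"""
import random


def modexp(base, exp, mod):
    """Right-to-left binary exponentiation, kept deliberately plain."""
    if mod <= 0:
        raise ValueError("modulus must be positive")
    result = 1 % mod      # correct even when mod == 1 (everything is 0)
    base %= mod
    while exp > 0:
        if exp & 1:
            result = (result * base) % mod
        exp >>= 1
        base = (base * base) % mod
    return result


def buggy_modexp(base, exp, mod):
    """Constructed faulty variant: initialises result to an unreduced 1,
    so x^0 mod 1 returns 1 instead of 0. Used only to show detection."""
    if mod <= 0:
        raise ValueError("modulus must be positive")
    result = 1
    base %= mod
    while exp > 0:
        if exp & 1:
            result = (result * base) % mod
        exp >>= 1
        base = (base * base) % mod
    return result


def edge_cases(bits):
    """All (base, exp, mod) triples drawn from boundary values around
    a `bits`-sized limb; zero moduli are skipped."""
    top = 1 << bits
    vals = [0, 1, 2, top - 1, top, top + 1, (top >> 1) - 1]
    return [(b, e, m) for b in vals for e in vals for m in vals if m > 0]


def random_cases(n, bits, seed=1):
    """Seeded random triples with an odd (hence non-zero) modulus."""
    rng = random.Random(seed)
    return [(rng.getrandbits(bits), rng.getrandbits(bits),
             rng.getrandbits(bits) | 1) for _ in range(n)]


def differential_run(cases, impl=modexp):
    """Return every ((b, e, m), got, expected) where impl and pow disagree."""
    mismatches = []
    for b, e, m in cases:
        got = impl(b, e, m)
        expected = pow(b, e, m)
        if got != expected:
            mismatches.append(((b, e, m), got, expected))
    return mismatches


if __name__ == "__main__":
    cases = edge_cases(64) + random_cases(200, 256)
    print("modexp mismatches:", len(differential_run(cases)))
    bad = differential_run(cases, buggy_modexp)
    print("buggy_modexp mismatches:", len(bad), "first:", bad[:1])
```

The edge-case generator matters more than the random one: the random inputs pass for both implementations, while the boundary triples are what expose the unreduced initial value in buggy_modexp. When wrapping a real library, keep the harness identical and swap only impl.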
blog.fuzzing-project.org
htpasswDoS: Local Denial of Service via Apache httpd password hashes | The Fuzzing Project
https://blog.fuzzing-project.org/56-htpasswDoS-Local-Denial-of-Service-via-Apache-httpd-password-hashes.html
Back to main page. htpasswDoS: Local Denial of Service via Apache httpd password hashes. Posted by Hanno Böck. Tuesday, January 10. 2017. Apache supports HTTP basic authentication, a simple login mechanism with username and password that is part of the HTTP protocol. This can be configured via the .htaccess file on a web server. A very simple .htaccess file looks like this: ... Bcrypt hash with insane running time. For every login attempt with the right username the server will calculate the hash. The r...
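The post's attack relies on the server verifying whatever hash is stored for a user, however expensive it is. bcrypt encodes its cost factor in the hash itself (the two digits after `$2y$`) and runs 2^cost rounds of key setup, so a cost of 31, the format's maximum, is 2^26 times slower than a cost of 5. The audit below is an added example, not code from the post: it parses htpasswd-style entries, pulls the cost out of each bcrypt hash and flags anything above a threshold. The sample file and the threshold of 12 are constructed for illustration.

```python
"""Audit htpasswd entries for bcrypt hashes with an abusive cost factor
(added example). Constructed sample data; the hash bodies are placeholder
base64 text in the right shape, not real password hashes."""
import re

# Apache-style bcrypt: $2<variant>$<2-digit cost>$<22-char salt><31-char hash>
BCRYPT_RE = re.compile(r"^\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}$")

# Constructed sample: two ordinary users and one planted cost-31 entry.
SAMPLE_HTPASSWD = """\
# comment lines and blanks are ignored
alice:$2y$05$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0

bob:$apr1$e6kVUIDP$Rx1WjTNd4IEaYMxhsXvBR/
mallory:$2y$31$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0
"""


def parse_htpasswd(text):
    """Yield (user, hash) pairs; skips blanks, comments and malformed lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, hashed = line.split(":", 1)
        entries.append((user, hashed))
    return entries


def bcrypt_cost(hashed):
    """Return the bcrypt cost factor, or None for non-bcrypt hashes."""
    m = BCRYPT_RE.match(hashed)
    return int(m.group(1)) if m else None


def work_multiplier(cost, reference_cost):
    """How many times more key-setup work than a hash at reference_cost."""
    return 2 ** (cost - reference_cost)


def audit(text, max_cost=12):
    """List (user, cost) for every bcrypt entry whose cost exceeds max_cost.
    Each such entry lets one request with that username burn roughly
    work_multiplier(cost, max_cost) times the CPU of an acceptable one."""
    flagged = []
    for user, hashed in parse_htpasswd(text):
        cost = bcrypt_cost(hashed)
        if cost is not None and cost > max_cost:
            flagged.append((user, cost))
    return flagged


if __name__ == "__main__":
    for user, cost in audit(SAMPLE_HTPASSWD):
        print(f"{user}: bcrypt cost {cost}, "
              f"{work_multiplier(cost, 12)}x the work of cost 12")
```

Running this over password files that untrusted local users can write (the situation the post is about) is a quick way to spot a planted high-cost entry; a hardening alternative is to not let httpd verify hashes whose cost exceeds what the operator chose at deployment time.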
blog.fuzzing-project.org
Why it can make sense to fuzz config files / two out of bounds vulnerabilities in curl (TFPA 004/2015) | The Fuzzing Project
https://blog.fuzzing-project.org/8-Why-it-can-make-sense-to-fuzz-config-files-two-out-of-bounds-vulnerabilities-in-curl-TFPA-0042015.html
Back to main page. Why it can make sense to fuzz config files / two out of bounds vulnerabilities in curl (TFPA 004/2015). Posted by Hanno Böck. Wednesday, April 22. 2015. Today version 7.42.0 of curl was released. It fixes two vulnerabilities and one not security relevant bug that I found via fuzzing and reported. All issues were reported to the curl security team on 16th April 2015 and are fixed in curl 7.42.0. Thanks to Daniel Stenberg of the curl team who quickly fixed all the issues I re... When usin...