
[FD] Numerous FreeTDS crashes fixed on master



Attached is a zip file of reported TDS streams that cause segmentation faults 
in the FreeTDS library. The ‘tsql’ binary was used for the fuzzing, so these 
most likely only affect client-side functionality. These have been resolved on 
master and the 1.0 branch.

Also included in the zip file is a bucket.txt, a crashwalk db dump detailing 
the crashes for the files in the zip file.

You can find the bucket.txt itself in the following Github gist as well. No 
CVEs have been requested.

https://gist.github.com/brandonprry/bfb0e58682d464e2d2d319644790bdf5 

To test, you can compile FreeTDS, then use preeny to redirect network IO to 
stdin/stdout.

export LD_PRELOAD=~/preeny/x86_64-linux-gnu/desock.so
unzip freetds_crashed.zip
cd rpt
for i in id*; do valgrind ~/freetds/build/src/apps/tsql -S 127.0.0.1 -U fdsa -P fdsa -I ~/tdsconfig < "$i"; done

A simple tdsconfig file can be used to speed things up a bit.

[global]
timeout = 1
connect timeout = 1


Many thanks to Frediano Ziglio, the maintainer of FreeTDS, for quick 
communication and bug-fix turnarounds.

Attachment: signature.asc
Description: Message signed with OpenPGP
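The reproduction loop above runs each crash file under valgrind but leaves the reader to eyeball the output. The script below is an added example, not code from the post or from the FreeTDS project: it wraps the same preeny + valgrind invocation, writes one valgrind log per input, and derives a crude bucket key (first memcheck error kind plus the top stack frame) from each log. That bucketing is a stand-in for the crashwalk database the post describes, not crashwalk itself. The paths in PREENY, TSQL and TDSCONF are the ones the post uses and are assumed; the `timeout` wrapper and valgrind's `--error-exitcode`/`--log-file` options are standard but not in the original command. The valgrind log used to exercise the bucketing function is constructed for this example.

```shell
#!/bin/sh
# Crash triage for the FreeTDS tsql fuzz corpus (added example, not from the post).
# Assumed layout, matching the original post:
PREENY="${PREENY:-$HOME/preeny/x86_64-linux-gnu/desock.so}"
TSQL="${TSQL:-$HOME/freetds/build/src/apps/tsql}"
TDSCONF="${TDSCONF:-$HOME/tdsconfig}"

# Turn a memcheck log into a bucket key: "<error kind> @ <top frame>", or "clean".
# Only real memory errors and fatal signals are counted; uninitialised-value
# warnings are ignored so they do not inflate the bucket count.
valgrind_bucket() {
  awk '
    # An error header starts a report; remember its kind and wait for its first frame.
    /^==[0-9]+== (Invalid (read|write) of size|Jump to the invalid address|Process terminating with default action of signal)/ {
      sub(/^==[0-9]+== /, ""); kind = $0; want = 1; next
    }
    # The first "at 0x...: symbol (file:line)" line after the header is the top of the stack.
    want && /^==[0-9]+== +at 0x[0-9A-Fa-f]+: / {
      sub(/^==[0-9]+== +at 0x[0-9A-Fa-f]+: /, ""); print kind " @ " $0; done = 1; exit
    }
    END { if (!kind) print "clean"; else if (!done) print kind " @ ?" }
  ' "$1"
}

# Run every id* file in a directory through tsql (network I/O redirected to
# stdin by preeny's desock.so) under valgrind, appending
# "<file>\t<exit status>\t<bucket>" lines to the report file.
triage_dir() {
  dir="$1"; report="$2"
  : > "$report"
  for f in "$dir"/id*; do
    [ -e "$f" ] || continue
    log="$f.vg"
    # 99 from --error-exitcode marks a memcheck error; 124 is timeout's own code.
    LD_PRELOAD="$PREENY" timeout 10 valgrind --error-exitcode=99 --log-file="$log" \
      "$TSQL" -S 127.0.0.1 -U fdsa -P fdsa -I "$TDSCONF" < "$f" >/dev/null 2>&1
    rc=$?
    printf '%s\t%s\t%s\n' "$(basename "$f")" "$rc" "$(valgrind_bucket "$log")" >> "$report"
  done
}

# Count inputs per bucket, most common first, so fixes can be prioritised.
summarize() {
  cut -f3 "$1" | sort | uniq -c | sort -rn
}

# Usage: sh triage.sh rpt [bucket.txt]
if [ $# -gt 0 ]; then
  triage_dir "$1" "${2:-bucket.txt}"
  summarize "${2:-bucket.txt}"
fi
```

Inputs that share a bucket key almost always share a root cause, so one representative per bucket is usually enough to hand to the maintainer; the remaining files are kept as regression inputs once the fix lands.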

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/