I environment variable fuzzed the Debian 5.05 repository consisting of the
following binaries:

https://github.com/silviocesare/Automated-Audits/blob/master/Debian5.05/EnvironmentVariableFuzzing/05-01-2011/PrivilegedProgramList

This is roughly most but not quite all SUID/SGID programs in Debian. There
were some package conflicts which meant I didn't get complete automated
coverage of the repository.

I used the public sharefuzz tool which tries using long environment
variables to trigger buffer overflows. I had three crashes and reported bugs
for each:

toppler http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608979
lbreakout2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608980
zhcon http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608981

Any followup comments should CC me.

--
Silvio Cesare
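
The bug class that long-value environment fuzzing exposes is an environment string copied into a fixed-size buffer with no length check. The following is an added example showing the checked form of that copy; it is not part of the original message or of the reported packages' code, and BUF_LEN and the function names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_LEN 256   /* assumed size of the fixed buffer */

/* Unchecked pattern that a long environment value crashes:
 *     char buf[BUF_LEN];
 *     strcpy(buf, getenv("SOME_VAR"));   // no NULL check, no bound
 */

/* Copy an untrusted value into dst. Returns 0 on success, -1 if the value
 * is missing, -2 if it does not fit. Overlong input is rejected rather than
 * truncated, because a truncated path or name can mean something else. */
int copy_untrusted(char *dst, size_t dstlen, const char *value)
{
    size_t n;
    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (value == NULL)
        return -1;
    n = strlen(value);
    if (n >= dstlen)              /* need room for the terminating NUL */
        return -2;
    memcpy(dst, value, n + 1);
    return 0;
}

/* Environment wrapper: getenv() returns NULL for an unset variable. */
int copy_env_checked(char *dst, size_t dstlen, const char *name)
{
    return copy_untrusted(dst, dstlen, getenv(name));
}

/* Feed a constructed value of `len` 'A' bytes through the checked copy. */
int demo(size_t len)
{
    char buf[BUF_LEN];
    char *value = malloc(len + 1);
    int rc;
    if (value == NULL)
        return -1;
    memset(value, 'A', len);
    value[len] = '\0';
    rc = copy_untrusted(buf, sizeof buf, value);
    free(value);
    return rc;
}

int main(void) { printf("%d %d %d\n", demo(255), demo(256), demo(4096)); return 0; }
```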
