I environment variable fuzzed the Debian 5.05 repository consisting of the following binaries:

https://github.com/silviocesare/Automated-Audits/blob/master/Debian5.05/EnvironmentVariableFuzzing/05-01-2011/PrivilegedProgramList

This is roughly most but not quite all SUID/SGID programs in Debian. There were some package conflicts which meant I didn't get complete automated coverage of the repository. I used the public sharefuzz tool which tries using long environment variables to trigger buffer overflows.

I had three crashes and reported bugs for each:

toppler http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608979
lbreakout2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608980
zhcon http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608981

Any followup comments should CC me.

--
Silvio Cesare
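The bug class that long environment variables expose, shown from the fixing side. This is an added example, not code from the post, from sharefuzz, or from any of the three packages; `PATH_BUF`, `build_rc_path` and the `.examplerc` file name are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 256  /* hypothetical fixed-size buffer in a privileged program */

/* Unsafe pattern (shown for contrast, never compiled or called here):
 *     char path[PATH_BUF];
 *     strcpy(path, getenv("HOME"));     // no NULL check, no length check
 *     strcat(path, "/.examplerc");
 * An oversized HOME writes past the end of path. */

/* Hardened form: reject missing or oversized values instead of
 * overflowing or silently truncating. Returns 0 on success, -1 on reject. */
int build_rc_path(const char *home, char *out, size_t outlen)
{
    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (home == NULL || home[0] != '/')
        return -1;                       /* unset or not an absolute path */
    int n = snprintf(out, outlen, "%s/.examplerc", home);
    if (n < 0 || (size_t)n >= outlen) {  /* would not fit: fail closed */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* HOME comes from the environment, which the invoking user controls
 * even when the binary runs SUID/SGID. */
int build_rc_path_from_env(char *out, size_t outlen)
{
    return build_rc_path(getenv("HOME"), out, outlen);
}

int main(void)
{
    char path[PATH_BUF];
    char big[4097];                      /* constructed oversized value */
    memset(big, 'A', sizeof big - 1);
    big[0] = '/';
    big[sizeof big - 1] = '\0';

    printf("oversized value -> %d\n", build_rc_path(big, path, sizeof path));
    printf("normal value    -> %d\n", build_rc_path("/home/demo", path, sizeof path));
    printf("current HOME    -> %d\n", build_rc_path_from_env(path, sizeof path));
    return 0;
}
```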

