Mageia Bugzilla – Attachment 10346 Details for
Bug 23501
sleuthkit new security issues CVE-2017-1375[56], CVE-2017-13760, CVE-2018-1173[7-9], CVE-2018-11740
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
New Account
|
Forgot Password
Post-update POC tests
sleuthkit.post (text/plain), 1.62 KB, created by
Len Lawrence
on 2018-09-01 18:06:25 CEST
(
hide
)
Description:
Post-update POC tests
Filename:
MIME Type:
Creator:
Len Lawrence
Created:
2018-09-01 18:06:25 CEST
Size:
1.62 KB
patch
obsolete
>POC tests after update to sleuthkit-4.6.2-2.mga6 > >CVE-2017-13755 >$ fls segfault.img >V/V 1: $OrphanFiles ><Good, possibly> > >CVE-2017-13756 >$ mmls -t dos hang.imgDOS Partition Table >Offset Sector: 0 >Units are in 512-byte sectors > Slot Start End Length Description >000: Meta 0000000000 0000000000 0000000001 Primary Table (#0) >001: Meta 0000000000 0000000127 0000000128 DOS Extended (0x05) >002: Meta 0000000000 0000000000 0000000001 Extended Table (#1) >003: ------- 0000000000 0000000000 0000000001 Unallocated >004: 000:000 0000000001 0000000001 0000000001 Linux (0x83) >005: 001:000 0000000001 0000000001 0000000001 Linux (0x83) >006: ------- 0000000002 0000000002 0000000001 Unallocated ><Good> > >CVE-2017-13760 >$ fls hang.img >Cannot determine file system type ><No change but probably good> > >CVE-2018-11737 >Cannot determine file system type ><Same as before for both files - likely good> > >CVE-2018-11739 >$ fls -lrp id:000015,sig:06,src:000001,op:flip32,pos:1113 >$ fls -lrp id:000007,sig:06,src:000000,op:arith8,pos:64,val:-21 >Cannot determine file system type >$ fls -lrp id:000014,sig:06,src:000001,op:flip8,pos:1113 >$ ><Two good, one unchanged but looks OK> > >CVE-2018-11740 > >All of the POC files produced the same output as before, e.g. >$ fls -lrp id:000009,sig:06,src:000000,op:arith8,pos:6124,val:-35 >File system is corrupt (ntfs_attr_walk: Resident attribute 5-0 starting offset and length too large) ( - ntfs_dir_open_meta) > >Not possible to compare with the ASAN output which is a debug stream. >The impression is that this is benign output from the fls tool. > >
POC tests after update to sleuthkit-4.6.2-2.mga6 CVE-2017-13755 $ fls segfault.img V/V 1: $OrphanFiles <Good, possibly> CVE-2017-13756 $ mmls -t dos hang.imgDOS Partition Table Offset Sector: 0 Units are in 512-byte sectors Slot Start End Length Description 000: Meta 0000000000 0000000000 0000000001 Primary Table (#0) 001: Meta 0000000000 0000000127 0000000128 DOS Extended (0x05) 002: Meta 0000000000 0000000000 0000000001 Extended Table (#1) 003: ------- 0000000000 0000000000 0000000001 Unallocated 004: 000:000 0000000001 0000000001 0000000001 Linux (0x83) 005: 001:000 0000000001 0000000001 0000000001 Linux (0x83) 006: ------- 0000000002 0000000002 0000000001 Unallocated <Good> CVE-2017-13760 $ fls hang.img Cannot determine file system type <No change but probably good> CVE-2018-11737 Cannot determine file system type <Same as before for both files - likely good> CVE-2018-11739 $ fls -lrp id:000015,sig:06,src:000001,op:flip32,pos:1113 $ fls -lrp id:000007,sig:06,src:000000,op:arith8,pos:64,val:-21 Cannot determine file system type $ fls -lrp id:000014,sig:06,src:000001,op:flip8,pos:1113 $ <Two good, one unchanged but looks OK> CVE-2018-11740 All of the POC files produced the same output as before, e.g. $ fls -lrp id:000009,sig:06,src:000000,op:arith8,pos:6124,val:-35 File system is corrupt (ntfs_attr_walk: Resident attribute 5-0 starting offset and length too large) ( - ntfs_dir_open_meta) Not possible to compare with the ASAN output which is a debug stream. The impression is that this is benign output from the fls tool.
View Attachment As Raw
Actions:
View
Attachments on
bug 23501
:
10344
|
10345
| 10346