Subject: bin/33551: strings(1) crashes on user-supplied input
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <dan@geek.com.au>
List: netbsd-bugs
Date: 05/25/2006 02:15:04
>Number:         33551
>Category:       bin
>Synopsis:       strings(1) crashes on user-supplied input
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May 25 02:15:04 +0000 2006
>Originator:     Daniel Carosone
>Release:        NetBSD 3.99.19
>Organization:
	
>Environment:
	
	
System: NetBSD bcd.geek.com.au 3.99.19 NetBSD 3.99.19 (_bcd_) #20: Fri May 12 22:40:19 EST 2006 dan@resurgam:/home/NetBSD/obj/p2/home/NetBSD/HEAD/src/sys/arch/i386/compile/_bcd_ i386
Architecture: i386
Machine: i386
>Description:

The strings utility is susceptible to a denial-of-service because it
fails to properly handle unexpected user-supplied input.

This issue allows attackers to crash the affected utility.  This may
aid attackers by making analysis of binary files more difficult.

SO is tracking this issue as #7482, in case the severity becomes
worse; for example if the issue turns out to allow code injection for a
tool an administrator might run.

This is real - on 3.0 (x86) at least.

Details:
http://sourceware.org/bugzilla/show_bug.cgi?id=2584

Please be aware that the fix in CVS is _different_ from the patch in the
bug report.

http://sourceware.org/cgi-bin/cvsweb.cgi/src/bfd/tekhex.c.diff?r1=1.26&r2=1.26.22.1&cvsroot=src&f=h

>How-To-Repeat:
see above
>Fix:
see above

>Unformatted: