Bug report preview for lbreakout2server

Report that will be submitted


The security tag will be removed before submitting the report. The majority of the bugs found seem to have few security implications.
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Mayhem <mayhem@forallsecure.com>
To: Debian Bug Tracking System: <maintonly@bugs.debian.org>
Subject: lbreakout2: lbreakout2server crashes with exit status 136
X-Debbugs-Cc: none

Package: lbreakout2
Version: 2.6.4-1
Severity: normal
Tag: security
User: mayhem@forallsecure.com
Usertags: mayhem

lbreakout2server crashes with exit status 136. We confirmed the crash by
re-running it in a fresh Debian unstable installation.

The attachment [1] contains a testcase (under ./crash) crashing the
program. It ensures that you can easily reproduce the bug. Additionally,
under ./crash_info/, we include more information about the crash such as
a core dump, the dmesg generated by the crash, and its output.

The Mayhem Team (Alexandre Rebert, Thanassis Avgerinos, Sang Kil Cha, David Brumley, Manuel Egele)
Cylab, Carnegie Mellon University

[1] http://www.forallsecure.com/bug-reports/19cc55c8b245ae8615fa5ad1cb27f77129eb659e/full_report

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.9-1-686-pae (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages lbreakout2 depends on:
ii  lbreakout2-data  2.6.4-1
ii  libc6            2.17-6
ii  libpng12-0       1.2.49-4
ii  libsdl-mixer1.2  1.2.12-5
ii  libsdl1.2debian  1.2.15-5
ii  zlib1g           1:1.2.8.dfsg-1

lbreakout2 recommends no packages.

lbreakout2 suggests no packages.

-- no debconf information


Submission to the Debian BTS (July 10th, 2013)

In two weeks (on the 10th of July 2013), we will pull the latest package from Debian unstable and re-run our testcase. Hopefully, you will have had time to update the package with a fix. If the crash still exists, we will go ahead and submit a report to the Debian BTS. The main reason for the preview is to give you time to assess the seriousness of the bug so that you can prepare an urgent security patch if necessary. If the bug is security critical and you do not have time to release a fix in the given time frame, please contact us at alexandre@cmu.edu so that we can delay the public disclosure.

Update status

We would like to keep track of statistics on the bugs, so we would really appreciate it if you took the time to update this bug's status.

How was the bug found?

We found the bug using Mayhem, an automatic bug-finding system that we have been developing in David Brumley's research lab for a couple of years now. We recently ran Mayhem on almost all ELF binaries of Debian Wheezy (~23,000 binaries) for 5 minutes each, and we found thousands of crashes in thousands of applications.

Our goal here is to make bug reports as complete and accurate as possible, so that we are not wasting your time. To minimize duplicates, we are reporting only one crash per binary, and at most 5 crashes per package. This amounts to 1,182 crashes. Moreover, to ensure accuracy, we confirmed all the crashes by re-running them in a fresh unstable installation. Finally, we also filter out assertion failures for now, as they seemed less important. In short, this report is reproducible and actionable.