Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Mayhem <firstname.lastname@example.org> To: Debian Bug Tracking System: <email@example.com> Subject: nfs-common: nfsidmap crashes with exit status 139 X-Debbugs-Cc: none Package: nfs-common Version: 1:1.2.8-4 Severity: normal Tag: security User: firstname.lastname@example.org Usertags: mayhem nfsidmap crashes with exit status 139. We confirmed the crash by re-running it in a fresh debian unstable installation. The attachment  contains a testcase (under ./crash) crashing the program. It ensures that you can easily reproduce the bug. Additionally, under ./crash_info/, we include more information about the crash such as a core dump, the dmesg generated by the crash, and its output. Regards, The Mayhem Team (Alexandre Rebert, Thanassis Avgerinos, Sang Kil Cha, David Brumley, Manuel Egele) Cylab, Carnegie Mellon University  http://www.forallsecure.com/bug-reports/557e857e10afad31f118e3534f57d3cf7645d9fd/full_report -- Package-specific info: -- rpcinfo -- program vers proto port service 100000 4 tcp 111 portmapper 100000 3 tcp 111 portmapper 100000 2 tcp 111 portmapper 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper 100024 1 udp 46579 status 100024 1 tcp 50329 status -- /etc/default/nfs-common -- NEED_STATD= STATDOPTS= NEED_IDMAPD= NEED_GSSD= -- /etc/idmapd.conf -- [General] Verbosity = 0 Pipefs-Directory = /var/lib/nfs/rpc_pipefs [Mapping] Nobody-User = nobody Nobody-Group = nogroup -- /etc/fstab -- -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 3.9-1-686-pae (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages nfs-common depends on: ii adduser 3.113+nmu3 ii initscripts 2.88dsf-41 ii libc6 2.17-6 ii libcap2 1:2.22-1.2 ii libcomerr2 1.42.8-1 ii libdevmapper1.02.1 2:1.02.77-3 ii libevent-2.0-5 2.0.21-stable-1 ii libgssglue1 0.4-2 ii libk5crypto3 1.10.1+dfsg-5+deb7u1 ii libkeyutils1 1.5.5-7 ii libkrb5-3 1.10.1+dfsg-5+deb7u1 ii libmount1 2.20.1-5.4 ii libnfsidmap2 0.25-5 ii libtirpc1 0.2.2-5 ii libwrap0 7.6.q-24 ii lsb-base 4.1+Debian12 ii rpcbind 0.2.0-8 ii ucf 3.0027 Versions of packages nfs-common recommends: ii python 2.7.5-2 Versions of packages nfs-common suggests: pn open-iscsi <none> pn watchdog <none> -- no debconf information
We would like to keep track of statistics of the bugs, so we would really appreciate it if you took the time to update its status.
We found the bug using Mayhem, an automatic bug finding system that we've been developing in David Brumley's research lab for a couple of years now. We recently ran Mayhem on almost all ELF binaries of Debian Wheezy (~23,000 binaries) for 5 minutes each, and we found thousands of crashes on thousands of application.
Our goal here is to make bug reports as complete and accurate as possible, so that we are not wasting your time. To minimize duplicates, we are reporting only one crash per binary, and at most 5 crashes per package. This amounts to 1,182 crashes. Moreover, to ensure accuracy, we confirmed all the crashes by re-running them in a fresh unstable installation. Finally, we also filter out assertion failures for now, as they seemed less important. In short, this report is reproducible and actionable.