Saturday, April 20, 2013

Fuzzing Monitoring with WinDBG Console Debugger (cdb.exe)

Hi readers, it's been more than three months since I last wrote a blog post; I hope you are all doing well. In this post I will share one of my fuzzing helper scripts. During automated fuzz testing of an application, we provide invalid, unexpected, or random data to the inputs of the target program. The target program is then monitored for unusual behavior.

Generating test cases is entirely up to you, and it is the key to finding a good number of quality bugs. But monitoring the target application during fuzz testing is also very important. One can monitor the target application in many ways:


  1. Monitor for Process Termination
  2. Monitor the Event Log
  3. Monitor Application Crashes using debugger

In general I use Python's debugger module known as "pydbg" to monitor the behavior/crashes of the application I am fuzzing, but I was looking for something better and faster. So I posted a question on the NullCon Google group: Increasing Fuzzing Speed.

Many great ideas and suggestions came out of the discussion. From that I finally decided to try the WinDBG console debugger (cdb.exe) as a fuzzing monitoring tool. Using this console debugger I wrote a very simple and small Python class which can be used to monitor any Windows application while fuzzing.
This script doesn't have any test case generator. As I have already said, generating test cases is the key to getting good-quality bugs in any application, and how you generate them depends entirely on you.
So here is the Python class. This script uses "cdb.exe", so make sure you have that installed.
And you can use this class in this way to monitor and track crashes:


Final Thought: I was not very happy with the performance of this fuzzing monitoring script. I consider pydbg a better option than WinDBG (cdb.exe) for fuzzing monitoring. When I compared the speed of the fuzzer I wrote using pydbg with this one (using cdb.exe), I found that fuzzing was much slower when "cdb.exe" was used for monitoring.
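An added example of the cdb.exe monitoring approach this post describes, not the author's own class: it runs one test case under cdb and classifies the debugger output into a crash record with a de-duplication bucket. The function names, the first-chance crash policy, the `r;kb;q` command string and the sample log are assumptions of this example.

```python
import re
import subprocess

# Shape of the line cdb prints for every exception event.
EXC_RE = re.compile(
    r"\([0-9a-f]+\.[0-9a-f]+\): (?P<name>.+?) - code (?P<code>[0-9a-f]{8}) "
    r"\((?P<chance>first chance|!!! second chance !!!)\)", re.I)
# "module!symbol+0xoff:" line printed above the faulting instruction.
SYM_RE = re.compile(r"^(?P<sym>[^\s!]+!\S+?)(?:\+0x[0-9a-f]+)?:\s*$", re.I | re.M)
# Policy of this example: first-chance codes that count as a crash
# (access violation, stack overflow, integer divide by zero).
FATAL_FIRST_CHANCE = {0xC0000005, 0xC00000FD, 0xC0000094}

# Constructed sample of cdb output; module and symbol names are made up.
SAMPLE_LOG = """\
(1a2c.1b30): C++ EH exception - code e06d7363 (first chance)
(1a2c.1b30): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
eax=00000000 ebx=0012fa10 ecx=41414141 edx=0012f9a4 esi=00000000 edi=00000000
target!parse_header+0x1a2:
00401a2c 8b01            mov     eax,dword ptr [ecx]  ds:0023:41414141=????????
"""


def parse_cdb_log(text):
    """Return a dict describing the first crash in cdb output, or None."""
    for m in EXC_RE.finditer(text):
        code = int(m["code"], 16)
        second = m["chance"].startswith("!!!")
        if not second and code not in FATAL_FIRST_CHANCE:
            continue  # breakpoints, handled C++ exceptions and similar noise
        sym = SYM_RE.search(text, m.end())
        where = sym["sym"] if sym else "unknown"
        return {"name": m["name"], "code": code, "second_chance": second,
                "bucket": "%08x:%s" % (code, where)}
    return None


def run_under_cdb(cdb, target, testcase, timeout=10):
    """Run one test case under cdb and return parse_cdb_log() of its output."""
    # -g / -G skip the initial and final breakpoints; -c gives the commands
    # (registers, stack trace, quit) that cdb runs once it breaks in.
    cmd = [cdb, "-g", "-G", "-c", "r;kb;q", target, testcase]
    try:
        out = subprocess.run(cmd, capture_output=True, timeout=timeout).stdout
    except subprocess.TimeoutExpired as exc:  # target hung or never exited
        out = exc.stdout or b""
    return parse_cdb_log(out.decode(errors="replace"))
```

A fuzzing loop would call `run_under_cdb()` once per generated file and keep only test cases whose `bucket` has not been seen before.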

Thursday, April 11, 2013

Buffer Overflow Vulnerability in VLC Media Player ASF Demuxer


Affected versions  : VLC media player 2.0.5 and earlier
CVE reference      : CVE-2013-1954
Official advisory  : http://www.videolan.org/security/sa1302.html

Image Source : http://hackread.com/critical-vulnerability-found-on-vlc-media-player/


Details:
When parsing a specially crafted ASF movie, a buffer overflow might occur.

Impact:
If successful, a malicious third party could trigger an invalid memory access, leading to a crash of VLC media player's process. In some cases attackers might exploit this issue to execute arbitrary code within the context of the application.

Threat mitigation:
Exploitation of this issue requires the user to explicitly open a specially crafted ASF movie.

Workarounds:
The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (or disable the VLC browser plugins), until the patch is applied.
Alternatively, the ASF demuxer (libasf_plugin.*) can be removed manually from the VLC plugin installation directory. This will prevent ASF movie playback.

Solution:
This issue is addressed in VLC media player 2.0.x source code repository by replacing a macro with a static inline and improved bounds checking.
This patch is included in VLC's 2.0.6 release.
Windows and Mac OS X builds can be found on the VideoLAN nightlies website.