search

raghavmishra / google-security-research

Automatically exported from code.google.com/p/google-security-research
0 stars 0 forks source link

Kaspersky Antivirus multiple memory corruption issues #536

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
Kaspersky requested that I start sending them raw fuzz output, in order to more 
rapidly get reports. I agreed, and sent them the first batch of crashes after 
verifying they all reproduced with the signatures released on the 16th 
September.

The first batch contained the following samples:

$ ls -l
total 117M
-rw------- 1 taviso eng 297K Sep  1 16:11 171817281d5fef3c5c903f2e7c4c5e2b
-rw------- 1 taviso eng  97K Sep  1 14:54 3af29369d082014b9d5bea18cf803fd7
-rw------- 1 taviso eng  20M Sep  1 16:11 47c776b04f80cfb0390cf9c3e8f94d84
-rw------- 1 taviso eng 6.6K Sep  1 14:54 519a84c040d293ccc709072d795431ab
-rw------- 1 taviso eng  83K Sep  1 14:54 52963bec3b89bb49d368dff0f35ab97d
-rw------- 1 taviso eng 4.4M Sep  1 14:54 5c8539c20583d72d21a02bee1d408709
-rw------- 1 taviso eng 5.0M Sep  1 14:54 724e01a9a98ec3747dbf7dbdb778dc08
-rw------- 1 taviso eng  32K Sep  1 14:54 78e152bc8068e00203d14e1a3f5e9012
-rw------- 1 taviso eng 409K Sep  1 14:54 83323657d40a07ef07539f007f427bf3
-rw------- 1 taviso eng  24K Sep  1 14:54 89ebf1d6f3a838806069784fa4d71f7d
-rw------- 1 taviso eng 6.8M Sep  1 14:54 9050dc7f748880cee360806a1f642afb
-rw------- 1 taviso eng 194K Sep  1 14:54 9902cf17a16c7eb52d8177627cf96a32
-rw------- 1 taviso eng 546K Sep  1 16:11 a431e5b42f4aa52483914806febe77ef
-rw------- 1 taviso eng 234K Sep  1 14:54 b2b07ce799c02910c07413e06b24ed3e
-rw------- 1 taviso eng 102K Sep  9 10:04 c3608a793a7e9e24264211ff095b944b
-rw------- 1 taviso eng 234K Sep  9 10:04 c37ac9a3e967934a2746241f9a526665
-rw------- 1 taviso eng 5.1M Sep  1 14:54 ccb4277f0b97315f4ae007a80133c25b
-rw------- 1 taviso eng 879K Sep  9 10:04 cde3bffa5d400854b13d8ee2ba43cd87
-rw------- 1 taviso eng 7.0M Sep  1 14:54 d82108b5a24ed770a305b6e58205e367
-rw------- 1 taviso eng 418K Sep  9 10:04 e0bd1a7f4960133f88eb914e67468bbe
-rw------- 1 taviso eng 3.5M Sep  1 16:11 e1013d1d73c4c70be6f41d1bb66d61d0
-rw------- 1 taviso eng 588K Sep  9 10:04 e75344e847d70065b219995ec01c73b8
-rw------- 1 taviso eng  21K Sep  1 14:54 fdb9b952ae77c638d4654995d0761db5
-rw------- 1 taviso eng 607K Sep  1 16:11 fe1049c91cb3056bac6fceda92af420d
-rw------- 1 taviso eng 3.0M Sep  9 10:04 fe24d9f99e2a43d9576767d19fd4420e

The samples are too big to attach, but many were obviously exploitable.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

Original issue reported on code.google.com by tav...@google.com on 17 Sep 2015 at 10:38

GoogleCodeExporter commented 8 years ago 
Kaspersky replied:

Hi Tavis,

Thank you for sending these samples to us!

We have released fixes for following samples:
a0d384bfe30ee1d17f87c41ae60937aa
cde3bffa5d400854b13d8ee2ba43cd87
e0bd1a7f4960133f88eb914e67468bbe
e75344e847d70065b219995ec01c73b8
5c8539c20583d72d21a02bee1d408709
fe24d9f99e2a43d9576767d19fd4420e
78e152bc8068e00203d14e1a3f5e9012
9902cf17a16c7eb52d8177627cf96a32
c3608a793a7e9e24264211ff095b944b
3af29369d082014b9d5bea18cf803fd7
fe1049c91cb3056bac6fceda92af420d
52963bec3b89bb49d368dff0f35ab97d
83323657d40a07ef07539f007f427bf3
89ebf1d6f3a838806069784fa4d71f7d

and continue working on remaining ones.

Original comment by tav...@google.com on 17 Sep 2015 at 10:39

GoogleCodeExporter commented 8 years ago 
Kaspersky Update:

Hi Tavis,

We have fixed bugs reproduced with following samples:
b2b07ce799c02910c07413e06b24ed3e
c37ac9a3e967934a2746241f9a526665
171817281d5fef3c5c903f2e7c4c5e2b

There are few more to analyze and fix.

Thanks,
Igor

Original comment by tav...@google.com on 21 Sep 2015 at 9:37

GoogleCodeExporter commented 8 years ago 
All of these issues were resolved by November 16th.

Original comment by tav...@google.com on 16 Nov 2015 at 7:24