Although we discovered this buffer overflow manually, we later tried to fuzz the vulnerable function, parse_tunables(); both AFL++ and libFuzzer re-discovered this overflow in less than a second, when provided with a dictionary of tunables.
How prevalent is the use of fuzzers in FLOSS infrastructure projects? I know the Linux kernel is regularly fuzzed, but even there I'm not sure if this is done by regular kernel developers/maintainers or third-party researchers.
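The "dictionary of tunables" mentioned in the quoted advisory is a standard fuzzer input: AFL++ (`-x file`) and libFuzzer (`-dict=file`) both read the same `label="token"` dictionary syntax. The script below is an added example, not code from the advisory or from glibc: it turns the name list that `ld.so --list-tunables` prints (glibc 2.33 and later) into such a dictionary, so the fuzzer can splice real tunable names and the `=` / `:` separators of the `GLIBC_TUNABLES` syntax into its inputs. The sample `--list-tunables` output is constructed here (the names are real tunables, the values are illustrative), and the `tunableN` / `sepN` labels are my own choice.

```python
"""Build an AFL++/libFuzzer dictionary from `ld.so --list-tunables` output.

Added example; not part of the advisory or of glibc.
"""
import re
from typing import Iterable, List

# Constructed sample of `ld.so --list-tunables` output. glibc prints one
# "name: value (min: .., max: ..)" line per tunable; only the names matter here.
SAMPLE_LIST_TUNABLES = """\
glibc.malloc.mxfast: 0x0 (min: 0x0, max: 0xffffffffffffffff)
glibc.malloc.tcache_max: 0x0 (min: 0x0, max: 0xffffffffffffffff)
glibc.rtld.nns: 0x4 (min: 0x1, max: 0x10)
glibc.malloc.perturb: 0x0 (min: 0x0, max: 0xff)
glibc.malloc.mxfast: 0x0 (min: 0x0, max: 0xffffffffffffffff)
"""

# A tunable name is the dotted identifier before the first colon.
TUNABLE_LINE = re.compile(r"^([A-Za-z0-9_.]+):")


def tunable_names(list_tunables_output: str) -> List[str]:
    """Extract tunable names in order of first appearance, without duplicates."""
    seen = set()
    names: List[str] = []
    for line in list_tunables_output.splitlines():
        match = TUNABLE_LINE.match(line.strip())
        if match and match.group(1) not in seen:
            seen.add(match.group(1))
            names.append(match.group(1))
    return names


def afl_escape(token: str) -> str:
    """Escape a token for the dictionary syntax: printable ASCII other than
    '"' and '\\' is kept verbatim, every other byte becomes \\xHH."""
    out = []
    for byte in token.encode():
        if 0x20 <= byte < 0x7F and byte not in (0x22, 0x5C):
            out.append(chr(byte))
        else:
            out.append("\\x%02x" % byte)
    return "".join(out)


def build_dictionary(names: Iterable[str], separators=("=", ":")) -> str:
    """Return dictionary text: one labelled entry per tunable name, plus the
    separators of the GLIBC_TUNABLES=name=value:name=value syntax. Labels are
    plain alphanumerics so both AFL++ and libFuzzer accept them."""
    lines = ["# generated from ld.so --list-tunables"]
    for i, name in enumerate(names):
        lines.append('tunable%d="%s"' % (i, afl_escape(name)))
    for i, sep in enumerate(separators):
        lines.append('sep%d="%s"' % (i, afl_escape(sep)))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Writes tunables.dict; feed it with `afl-fuzz -x tunables.dict ...`
    # or `./harness -dict=tunables.dict` (libFuzzer).
    with open("tunables.dict", "w") as fh:
        fh.write(build_dictionary(tunable_names(SAMPLE_LIST_TUNABLES)))
```

To use it against a real system, replace `SAMPLE_LIST_TUNABLES` with the captured output of your own dynamic loader (the path of `ld.so` differs per distribution and architecture, so it is deliberately not hard-coded here). Dictionary tokens are limited to 128 bytes in AFL++ by default; tunable names are far shorter, so no truncation handling is needed.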
"Exploitation method described in this advisory works against almost all of the SUID-root programs that are installed by default on Linux; a few exceptions are:
- sudo on all distributions, because it specifies its own ELF RUNPATH (/usr/libexec/sudo), which overrides our l_info[DT_RPATH];
- chage and passwd on Fedora, because they are protected by special SELinux rules;
- snap-confine on Ubuntu, because it is protected by special AppArmor rules."
Glibc dynamic loader hit by a nasty local privilege escalation vulnerability - https://news.ycombinator.com/item?id=37756357 - Oct 2023 (56 comments)