From: Chao Zhang
Subject: Re: pspp - cve-2017-10791 - cve-2017-10792
Date: Tue, 4 Jul 2017 07:06:23 +0800
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:54.0) Gecko/20100101 Thunderbird/54.0
Dear Friedrich,

We are using smart fuzzing to test open source applications, including pspp. Our tool collAFL is an enhanced version of AFL.

The core of AFL is a genetic algorithm to automatically discover interesting test cases that trigger new internal states in the targeted application, which leads to a high code coverage. Our tool collAFL's improvement over AFL is that it reduces some collisions in AFL's algorithm and increases the code coverage of AFL.

The evaluation result is good so far. We found dozens of vulnerabilities in open source applications using collAFL. We are writing a paper about it. More details will be discussed in the paper. Once the paper is ready, we can share a copy with you, if you are interested.

Thanks,
Chao

On 7/3/17 1:22 PM, Friedrich Beckmann wrote:
> Dear owl337 team,
>
> thanks for looking at pspp and finding the security problems
> https://security-tracker.debian.org/tracker/CVE-2017-10791 and
> https://security-tracker.debian.org/tracker/CVE-2017-10792 in pspp!
> Your reports are quite detailed. Could you describe how you found the problems, i.e. do you have some information about collAFL?
>
> Regards
> Friedrich
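As an added illustration of the coverage-bitmap collisions Chao's reply refers to (this is not code from the thread, from AFL or from collAFL), the script below models AFL's edge-coverage keying and counts how many distinct control-flow edges end up sharing one bitmap slot. The block ids and the control-flow graph are constructed, and the collision-free `exact_slots` keying is an idealised point of comparison, not collAFL's actual scheme.

```python
import random

MAP_SIZE = 1 << 16  # AFL's default coverage bitmap: 65536 one-byte slots


def afl_edge_slot(prev_block_id: int, cur_block_id: int) -> int:
    """Slot AFL's instrumentation bumps for the edge prev -> cur.

    afl-as gives every basic block a compile-time random id and emits
        shared_mem[cur_location ^ prev_location]++;
        prev_location = cur_location >> 1;
    so the key of an edge is cur_id XOR (prev_id >> 1), masked to the map.
    """
    return (cur_block_id ^ (prev_block_id >> 1)) & (MAP_SIZE - 1)


def afl_slots(edges, block_ids):
    """Set of bitmap slots AFL's keying produces for a set of (src, dst) edges."""
    return {afl_edge_slot(block_ids[a], block_ids[b]) for a, b in edges}


def exact_slots(edges, block_ids):
    """Idealised keying (assumption, for contrast only): every distinct edge
    gets its own slot, so two edges can never alias each other."""
    table = {}
    return {table.setdefault(e, len(table)) for e in edges}


def collision_count(edges, block_ids, slot_fn) -> int:
    """Distinct edges that are invisible to the fuzzer because another edge
    already owns their slot (new coverage mistaken for already-seen coverage)."""
    return len(edges) - len(slot_fn(edges, block_ids))


def random_cfg(n_blocks: int, n_edges: int, seed: int):
    """Constructed control-flow graph with AFL-style random block ids."""
    rng = random.Random(seed)
    block_ids = [rng.randrange(MAP_SIZE) for _ in range(n_blocks)]
    edges = set()
    while len(edges) < n_edges:
        edges.add((rng.randrange(n_blocks), rng.randrange(n_blocks)))
    return block_ids, edges


def demo():
    # Constructed deterministic collision: two predecessor ids that differ only
    # in bit 0 lose that bit to the >> 1, so their edges into the same
    # successor share a slot and the fuzzer cannot distinguish the two paths.
    ids, edges = [0x1234, 0x1235, 0x0F0F], {(0, 2), (1, 2)}
    small = (collision_count(edges, ids, afl_slots),    # 1
             collision_count(edges, ids, exact_slots))  # 0
    # Constructed mid-sized target: 8000 blocks, 20000 distinct edges.
    ids, edges = random_cfg(8000, 20000, seed=7)
    big = (collision_count(edges, ids, afl_slots),      # thousands (birthday bound)
           collision_count(edges, ids, exact_slots))    # 0
    return small, big
```

Running `demo()` shows that even a modest edge count loses a noticeable fraction of edges to aliasing in a 64 KiB map, which is the class of imprecision a collision-reducing keying scheme attacks.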