[Full-disclosure] FuzzDiff tool
henri at nerv.fi
Tue Aug 17 14:05:08 BST 2010
-----BEGIN PGP SIGNED MESSAGE-----
On Mon, 26 Jul 2010 16:53:28 -0400
Dan Rosenberg <drosenberg at vsecurity.com> wrote:
> I'd like to announce FuzzDiff, a simple tool to help make crash
> analysis during file format fuzzing a bit easier. I'm sure many
> people have written similar tools for their own purposes, but I
> haven't seen any that are publicly available. Hopefully at least one
> person finds it useful.
> When provided with a fuzzed file, a corresponding original un-fuzzed
> file, and the path to the targeted program, FuzzDiff will selectively
> "un-fuzz" portions of the fuzzed file while re-launching the
> application to monitor for crashes. This will yield a file that still
> crashes the target application, but contains a minimum set of changes
> from the original, un-fuzzed file. This can be useful in pinning down
> the exact cause of a crash.
> The tool is written in Python and currently only works on Unix-based
> systems, since it monitors for crashes by checking for SIGSEGV. It
> also assumes that the target program adheres to the syntax "[program]
> [args] [input file]". Both of these limitations can be easily worked
> around. The code is hardly what I'd call production-ready, but it
> gets the job done.
> The tool is available at:
> Happy hacking,
> Dan Rosenberg
Please open bug-tracker for FuzzDiff and put the program under some
version controlling software.
You have temporary file vulnerability in FuzzDiff
c0ce0235f8f0026988c60a3217233c36d829ecdf). Maybe you want to use
this module: http://docs.python.org/library/tempfile.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP SIGNATURE-----
Full-Disclosure is hosted and sponsored by Secunia.