OllyDbg Error in Loading Processes With Long Names Lets Users Crash the Debugger - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > OllyDbg

Vendors: Yuschuk, Oleh

OllyDbg Error in Loading Processes With Long Names Lets Users Crash the Debugger

SecurityTracker Alert ID: 1013478

SecurityTracker URL: http://securitytracker.com/id/1013478

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Mar 19 2005

Impact: Denial of service via local system

Exploit Included: Yes

Version(s): 1.10 and prior versions

Description: ATmaCA reported a vulnerability in OllyDbg. A user can cause OllyDbg to crash.

A user can create a specially crafted DLL filename that, when loaded as a process, will trigger the flaw and cause OllyDbg to crash. A name longer than approximately 200 bytes can trigger the flaw.

A demonstration exploit is provided:

http://www.atmacasoft.com/exp/OllyHole.exe

ATmaCA discovered this vulnerability, with credit given to Kozan

Impact: A user can cause OllyDbg to crash.

Solution: No solution was available at the time of this entry.

Vendor URL: home.t-online.de/home/Ollydbg/ (Links to External Site)

Cause: Not specified

Underlying OS: Windows (Any)

Message History: None.

Source Message Contents

Date: Sat, 19 Mar 2005 01:05:20 +0200
Subject: OllyDbg long process Module debug Vulnerability


Vendor:
Oleh Yuschuk

Application: 
OllyDbg
http://home.t-online.de/home/Ollydbg/

Introduction:
OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®.
Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.

Affected Versions:
1.10 (final version) and prior versions.

Overview:
In OllyDbg, if a target process loads modules that contains long name 
(greater than around 200 bytes), OllyDbg will be crashed.

This hole can be used for an anti-debug method for OllyDbg.


Vendor Status:
No vendor response.

Discovery: 
ATmaCA 
atmaca@atmacasoft.com
www.atmacasoft.com
www.spyinstructors.com
Credit to Kozan

POC:
Debug this program with OllyDbg,
when the program runs, a folder that named "olly hole" will be 
created on desktop and a long named dll will be created in 
this folder.  then it will load this and finally
olly debug will be crashed.

http://www.atmacasoft.com/exp/OllyHole.exe

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC