Security Vulnerability: Linux “Strings” Utility

goay xuan hui
May 4, 2021


The strings utility is often used by malware analysts to extract metadata (text strings) from a suspicious executable file.

This utility had long been considered safe until Google security engineer Michal Zalewski found a potential vulnerability in a library called libbfd (the Binary File Descriptor library).

libbfd sits at the core of GNU Binutils, where it is used for file format parsing. GNU Binutils is a collection of tools for binary file analysis and manipulation, available by default in most Linux distributions.

The strings utility can be exploited because it relies on libbfd to optimize the file analysis process. This means that an attacker could craft a binary file that exploits vulnerabilities in libbfd when the file is analyzed with strings, in order to execute arbitrary code on the underlying system.

For strings specifically, invoking it with the -a parameter can inhibit the use of libbfd.
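
The -a option tells strings to scan the whole file rather than selected sections. The same idea as an added example (not code from the original post): the input is read as an opaque byte stream and no object-file header is ever parsed. The function names, the sample bytes, and the choice of printable ASCII plus tab with a minimum length of 4 are assumptions made for this illustration.

```python
"""Format-agnostic string extraction: the file is never parsed as ELF/PE/etc."""
from typing import Iterable, Iterator, Tuple


def _is_text(b: int) -> bool:
    # Printable ASCII plus tab (assumed character set for this example).
    return b == 0x09 or 0x20 <= b <= 0x7E


def scan_chunks(chunks: Iterable[bytes], min_len: int = 4) -> Iterator[Tuple[int, str]]:
    """Yield (offset, text) for each printable run of at least min_len bytes.

    Runs that straddle a chunk boundary are carried over, so results do not
    depend on how the input was read.
    """
    if min_len < 1:
        raise ValueError("min_len must be >= 1")
    run, run_start, pos = bytearray(), 0, 0
    for chunk in chunks:
        for b in chunk:
            if _is_text(b):
                if not run:
                    run_start = pos
                run.append(b)
            else:
                if len(run) >= min_len:
                    yield run_start, run.decode("ascii")
                run.clear()
            pos += 1
    if len(run) >= min_len:  # run that reaches end of input
        yield run_start, run.decode("ascii")


def scan_file(path: str, min_len: int = 4, chunk_size: int = 65536):
    """Scan a file from disk in fixed-size reads; returns a list of hits."""
    with open(path, "rb") as fh:
        return list(scan_chunks(iter(lambda: fh.read(chunk_size), b""), min_len))


# Constructed sample: ELF magic followed by a deliberately bogus header.
SAMPLE = (b"\x7fELF" + b"\xff" * 12 + b"\x00" + b"http://example.test/a"
          + b"\x00\x01abc\x00" + b"key\tvalue" + b"\x00")

if __name__ == "__main__":
    for offset, text in scan_chunks([SAMPLE]):
        print(f"{offset:6d}  {text!r}")
```

Because the bogus header bytes are only ever compared against the printable range, a malformed header has no effect on how the rest of the file is read.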
