URL:
<http://savannah.gnu.org/bugs/?45119>
Summary: Grub-macbless has a buffer overflow
Project: GNU GRUB
Submitted by: gdl
Submitted on: Sun 17 May 2015 08:09:27 AM GMT
Category: Security
Severity: Major
Priority: 5 - Normal
Item Group: Software Error
Status: None
Privacy: Public
Assigned to: None
Originator Name: Gregory Disney-Leguers
Originator Email: gregory.dis...@owasp.org
Open/Closed: Open
Discussion Lock: Any
Release:
Release: 2.02~beta1
Reproducibility: Every Time
Planned Release: None
_______________________________________________________
Details:
grub-macbless contains a buffer overflow, due to fprintf() at line 134
at https://github.com/coreos/grub/blame/master/util/grub-macbless.c.
Steps to reproduce:
1. `/usr/sbin/grub-macbless --x86 `perl -e 'print "A"x1024 .
"\xfc\xff\xff\xff"x2`
2. gdb /usr/sbin/grub-macbless core.2067 Expected result: Segmentation
Fault caused by buffer overflow.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?45119>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
_______________________________________________
Bug-grub mailing list
Bug-grub@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-grub
