The Precise Pangolin has reached end of life, so this bug will not be
fixed for that release
** Changed in: grep (Ubuntu Precise)
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs
lucid has seen the end of its life and is no longer receiving any
updates. Marking the lucid task for this ticket as "Won't Fix".
** Changed in: grep (Ubuntu Lucid)
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscri
This was fixed in 2.11-1, so Ubuntu 12.10 and 13.04 are not affected.
** Also affects: grep (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: grep (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: grep (Ubuntu Quantal)
Importance: Undecide
Under MORE analysis, it does appear to allow command execution, but I can't get
the ls -la working.
I'm a noob at asm.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1091473
Title:
grep <2.1
After more analysis, it may not be vulnerable to command execution.
Not sure.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1091473
Title:
grep <2.11 is vulnerable to "Arbitrary command exec
** Tags added: precise upgrade-software-version
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1091473
Title:
grep <2.11 is vulnerable to "Arbitrary command execution"
To manage notification
Joshua Rogers
> Full PoC of actually "abusing" this vulnerablility(ls -la within grep) can be
> provided, if 100% needed.
We need it (full PoC).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1
perl -e 'print "x"x(2**31)' | grep x > /dev/null
just run that
if that's what you mean by a "reproducer"
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1091473
Title:
grep <2.11 is vulnerabl
Thanks Joshua,
Kurt Seifried has expressed an interest in a reproducer, so if you have
one available, please do attach it.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1091473
Title:
grep
** Changed in: grep (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1091473
Title:
grep <2.11 is vulnerable to "Arbitrary command execution"
To manage
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5667
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1091473
Title:
grep <2.11 is vulnerable to "Arbitrary command executi
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1091473
Title:
grep <2.11 is vulnerable to "Arbitrary command execution"
To manage
12 matches
Mail list logo