*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Seth Arnold (seth-arnold):

grep <2.11 is vulnerable to a command execution vulnerability, and it is
not possible to patch unless you build the source directly from the git
repo.

Ubuntu 12.04 (and everything else, I would assume) uses version 2.10 of
grep. It is not possible to upgrade without downloading the src and
building it yourself.



PoC:

perl -e 'print "x"x(2**31)' | grep x > /dev/null

This is the grep news form for this:

 * Noteworthy changes in release 2.11 (2012-03-02) [stable]

  ** Bug fixes

    grep no longer dumps core on lines whose lengths do not fit in 'int'.
    (e.g., lines longer than 2 GiB on a typical 64-bit host).
    Instead, grep either works as expected, or reports an error.
    An error can occur if not enough main memory is available, or if the
    GNU C library's regular expression functions cannot handle such long lines.
    [bug present since "the beginning"]


Solution: Send out a grep update with at least 2.11 grep from
http://git.sv.gnu.org/cgit/grep.git


Full PoC of actually "abusing" this vulnerability (ls -la within grep)
can be provided, if 100% needed.

** Affects: grep (Ubuntu)
     Importance: Undecided
         Status: New

-- 
grep <2.11 is vulnerable to "Arbitrary command execution"
https://bugs.launchpad.net/bugs/1091473
You received this bug notification because you are a member of Ubuntu Bugs, 
which is subscribed to the bug report.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
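
The NEWS entry quoted in the report ties the crash to line lengths that do not fit in 'int'. The C program below is an added example, not grep's code and not part of the bug report; it shows that class of defect (a size_t length narrowed to int) next to a checked conversion. All function names are hypothetical, and a 32-bit int is assumed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Defective pattern: a length measured as size_t is stored in an int.
   Above INT_MAX the result is implementation-defined; GCC and Clang
   wrap it, so 2^31 turns into a negative number. */
static int narrow_unchecked(size_t len)
{
    return (int) len;
}

/* Checked conversion: reject lengths an int cannot represent and
   leave *out untouched, so the caller can report an error instead. */
static int narrow_checked(size_t len, int *out)
{
    if (len > (size_t) INT_MAX)
        return -1;
    *out = (int) len;
    return 0;
}

/* End offset of a line computed from an int length. With a negative
   length the "end" lands before the start of the line. */
static long long end_offset(long long start, int len)
{
    return start + len;
}

int main(void)
{
    /* Constructed sample lengths; the last equals the 2**31 bytes
       that the PoC in the report pipes into grep. */
    size_t samples[] = { 10, (size_t) INT_MAX, (size_t) 1 << 31 };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int checked = 0;
        int rc = narrow_checked(samples[i], &checked);
        int raw = narrow_unchecked(samples[i]);

        printf("len=%zu unchecked=%d end=%lld checked=%s\n",
               samples[i], raw, end_offset(0, raw),
               rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

Reporting an error when the checked conversion fails matches the behaviour the 2.11 NEWS entry describes: grep either works as expected or reports an error.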
