Release date:
Updated on:
Affected Systems:
Grep greenp 2.11
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57033
CVE (CAN) ID: CVE-2012-5667
Grep is a command line tool originally used for Unix operating systems. It is a powerful text search tool that uses regular expressions to search for text and print matching rows.
In versions earlier than grep 2.11, the integer overflow vulnerability exists when reading a large row. If a local user runs grep in a specific data file, this vulnerability can cause grep to crash or execute arbitrary code.
<* Source: Joshua Rogers
Link: http://seclists.org/oss-sec/2012/q4/504
Https://bugzilla.RedHat.com/show_bug.cgi? Id = 889935
Http://git.savannah.gnu.org/cgit/grep.git/commit? Id = cbbc1a45b9f843c811905c97c90a5d31f8e6c189
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
Perl-e & #39; print & quot; x (2 ** 31) & #39; | grep x & amp; gt;/dev/null
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Grep
----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://git.savannah.gnu.org/cgit/grep.git/commit? Id = 4572ea4649d025e51463d48c2d06a1c66134cdb8