Date: Fri, 6 Apr 2018 11:51:40 +0200 From: Jakub Wilk <jwilk@...lk.net> To: oss-security@...ts.openwall.com Subject: Re: Privsec vuln in beep / Code execution in GNU patch * Hanno Böck <hanno@...eck.de>, 2018-04-06, 08:52: >There was a joke webpage about a vulnerability in beep a few days ago: >http://holeybeep.ninja/ >There's also a corresponding Debian Advisory: >https://lists.debian.org/debian-security-announce/2018/msg00089.html >Neither have any technical details. CVE is CVE-2018-0492. > >If anyone knows the background of this please share it. Upstream bug report: https://github.com/johnath/beep/issues/11 >GNU patch supports a legacy "ed" format for patches and that allows >executing external commands. [...] >--- a 2018-13-37 13:37:37.000000000 +0100 >+++ b 2018-13-37 13:38:38.000000000 +0100 >1337a >1,112d >!id>~/pwn.lol This bug triggers even with -u (which is supposed to disable patch type detection). :-/ -- Jakub Wilk
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ