Date: Fri, 6 Apr 2018 11:51:40 +0200
From: Jakub Wilk <jwilk@...lk.net>
To: oss-security@...ts.openwall.com
Subject: Re: Privsec vuln in beep / Code execution in GNU patch

* Hanno Böck <hanno@...eck.de>, 2018-04-06, 08:52:
>There was a joke webpage about a vulnerability in beep a few days ago:
>http://holeybeep.ninja/
>There's also a corresponding Debian Advisory:
>https://lists.debian.org/debian-security-announce/2018/msg00089.html
>Neither have any technical details. CVE is CVE-2018-0492.
>
>If anyone knows the background of this please share it.

Upstream bug report:
https://github.com/johnath/beep/issues/11

>GNU patch supports a legacy "ed" format for patches and that allows 
>executing external commands.
[...]
>--- a	2018-13-37 13:37:37.000000000 +0100
>+++ b	2018-13-37 13:38:38.000000000 +0100
>1337a
>1,112d
>!id>~/pwn.lol

This bug triggers even with -u (which is supposed to disable patch type 
detection). :-/

-- 
Jakub Wilk
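
An added example, not part of the original message and not code from GNU patch: since the reply above reports that `-u` did not prevent the ed path, this Python pre-screen flags ed-style command lines and `!` shell escapes in a file that is meant to be a unified diff. The regular expression and the names `find_ed_lines` and `is_safe_to_apply` are assumptions of this example; context diffs, whose changed lines begin with `! `, are also flagged.

```python
import re
from typing import List, NamedTuple

class Finding(NamedTuple):
    lineno: int
    kind: str
    text: str

# Heuristic assumed by this example (not GNU patch's own parser): a numeric
# address or range, one ed command letter, then end of line or punctuation.
ED_COMMAND = re.compile(r"^\d+(?:,\d+)?[a-z](?:$|[^a-z0-9])")

def find_ed_lines(patch_text: str) -> List[Finding]:
    """Return each line that reads as an ed command or a '!' shell escape.

    Unified hunk bodies start with '+', '-' or ' ', so they never match.
    ed input mode is not modelled: text following an 'a' command is still
    checked, which errs toward flagging too much rather than too little.
    """
    findings = []
    for lineno, line in enumerate(patch_text.splitlines(), start=1):
        if line.startswith("!"):
            findings.append(Finding(lineno, "shell-escape", line))
        elif ED_COMMAND.match(line):
            findings.append(Finding(lineno, "ed-command", line))
    return findings

def is_safe_to_apply(patch_text: str) -> bool:
    # Refuse the whole file if anything ed-like is present.
    return not find_ed_lines(patch_text)

# The sample quoted in the message above, reproduced as scanner input.
QUOTED_SAMPLE = (
    "--- a\t2018-13-37 13:37:37.000000000 +0100\n"
    "+++ b\t2018-13-37 13:38:38.000000000 +0100\n"
    "1337a\n"
    "1,112d\n"
    "!id>~/pwn.lol\n"
)
# Constructed benign unified diff whose changed text starts with a digit or '!'.
BENIGN_UNIFIED = (
    "--- a/notes.txt\n+++ b/notes.txt\n@@ -1,2 +1,2 @@\n"
    "-12d\n+!important\n unchanged line\n"
)

if __name__ == "__main__":
    for name, text in (("quoted", QUOTED_SAMPLE), ("benign", BENIGN_UNIFIED)):
        print(name, is_safe_to_apply(text), find_ed_lines(text))
```

A file that fails this check is better rejected outright than passed to patch with a format option.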
