[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] New Source Code Vulnerability Scanner (Free 30 Day Trial)

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] New Source Code Vulnerability Scanner (Free 30 Day Trial)
From: Georgi Guninski <guninski@xxxxxxxxxxxx>
Date: Sat, 4 Dec 2010 14:26:08 +0200

On Sat, Dec 04, 2010 at 12:53:11PM +0100, netinfinity wrote:
> I was thinking about another way to possible bypass this code.
> 
> POC:
> 
> grep -fruit
> 
> will trick the system into thinking it is a fruit thus crashing because of
> stackoverflow and juice overflow.
> 
> 
>
the issue you describe is documented in the grep man page:

Known Bugs

In addition, certain other obscure regular expressions require exponential time 
and space, and may cause grep to  run  out  of memory.

ls -lth /proc/kcore 
-r-------- 1 root root 128T 2010-12-04 14:21 /proc/kcore # *T*

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] New Source Code Vulnerability Scanner (Free 30 Day Trial)
  - From: vulnscan
- Re: [Full-disclosure] New Source Code Vulnerability Scanner (Free 30 Day Trial)
  - From: Michal Zalewski
- Re: [Full-disclosure] New Source Code Vulnerability Scanner (Free 30 Day Trial)
  - From: Georgi Guninski
- Re: [Full-disclosure] New Source Code Vulnerability Scanner (Free 30 Day Trial)
  - From: netinfinity

Prev by Date: Re: [Full-disclosure] New Source Code Vulnerability Scanner (Free 30 Day Trial)
Next by Date: [Full-disclosure] Sherrod DeGrippo's Nightmare Machine - Using free speech to make strangers suffer, and laughing about it
Previous by thread: Re: [Full-disclosure] New Source Code Vulnerability Scanner (Free 30 Day Trial)
Next by thread: Re: [Full-disclosure] New Source Code Vulnerability Scanner (Free 30 Day Trial)
Index(es):
- Date
- Thread