[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Potential Denial of Service Vulnerability in embedded commands - Bas
|
From: |
Eduardo Bustamante |
|
Subject: |
Re: Potential Denial of Service Vulnerability in embedded commands - Bash version 4.4.12(1) - Release |
|
Date: |
Tue, 7 Nov 2017 08:21:04 -0600 |
On Tue, Nov 7, 2017 at 5:58 AM, Alex Nichols <alex.nichols@cyberowl.io> wrote:
[...]
> In order to trigger the bug I executed the command *`*cat sploit.buf*`*
> where sploit.buf is a just over 2GB file of ‘A’ characters. When this
> command is executed the bash terminal crashes with the following error
> “Bash: xrealloc: .././subst.c:5977: cannot allocate 1073741824 bytes
> (2149011456 bytes allocated)”, on Ubuntu 17.10 64 bit. This error message
> appears to vary on different Linux distros. On Kali 2017.2 64 bit the error
> message is ” Bash: xrealloc: .././subst.c:5977: cannot allocate
> 18446744071562067968 bytes (4296613888 bytes allocated)”.
[...]
This is a normal memory exhaustion problem. You are asking bash to allocate
over 2 GiB of heap memory, and your system is unable to provide that amount
of memory.
> This bug may present a potential security risk as a malicious user may be
> able to crash a users bash session by tricking them into executing a
> malicious bash script.
[...]
This is not a security issue. If you can trick a user into running this script,
why stop there? Why not instead encrypt the file system and hold it for
ransom? or delete it? Or steal credentials by uploading ~/.netrc, ~/.ssh/id_rsa,
~/.aws/credentials, ...
You will find this problem in any program that allocates memory dynamically.
Try allocating a >2 GiB in python, ruby, perl, php, awk, ...