[Bug 1091473] Re: grep <2.11 is vulnerable to "Arbitrary command execution"

Jamie Strandboge jamie at ubuntu.com
Wed Feb 27 16:26:43 UTC 2013


This was fixed in 2.11-1, so Ubuntu 12.10 and 13.04 are not affected.

** Also affects: grep (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: grep (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: grep (Ubuntu Quantal)
   Importance: Undecided
       Status: New

** Also affects: grep (Ubuntu Hardy)
   Importance: Undecided
       Status: New

** Also affects: grep (Ubuntu Oneiric)
   Importance: Undecided
       Status: New

** Also affects: grep (Ubuntu Raring)
   Importance: Undecided
       Status: Confirmed

** Changed in: grep (Ubuntu Lucid)
       Status: New => Triaged

** Changed in: grep (Ubuntu Oneiric)
       Status: New => Triaged

** Changed in: grep (Ubuntu Precise)
       Status: New => Triaged

** Changed in: grep (Ubuntu Hardy)
       Status: New => Triaged

** Changed in: grep (Ubuntu Quantal)
       Status: New => Fix Released

** Changed in: grep (Ubuntu Raring)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grep in Ubuntu.
https://bugs.launchpad.net/bugs/1091473

Title:
  grep <2.11 is vulnerable to "Arbitrary command execution"

Status in “grep” package in Ubuntu:
  Fix Released
Status in “grep” source package in Lucid:
  Triaged
Status in “grep” source package in Oneiric:
  Triaged
Status in “grep” source package in Precise:
  Triaged
Status in “grep” source package in Quantal:
  Fix Released
Status in “grep” source package in Raring:
  Fix Released
Status in “grep” source package in Hardy:
  Triaged

Bug description:
  grep <2.11 is vulnerable to a command execution vulnerability, and it is
  not possible to patch unless you build the source directly from the
  git repo.

  Ubuntu 12.04 (and everything else, I would assume) uses version 2.10 of
  grep. It is not possible to upgrade without downloading the src and
  building it yourself.


  
  PoC:

  perl -e 'print "x"x(2**31)' | grep x > /dev/null

  This is the grep news form for this:

   * Noteworthy changes in release 2.11 (2012-03-02) [stable]

    ** Bug fixes

      grep no longer dumps core on lines whose lengths do not fit in 'int'.
      (e.g., lines longer than 2 GiB on a typical 64-bit host).
      Instead, grep either works as expected, or reports an error.
      An error can occur if not enough main memory is available, or if the
      GNU C library's regular expression functions cannot handle such long lines.
      [bug present since "the beginning"]


  Solution: Send out a grep update with at least 2.11 grep from
  http://git.sv.gnu.org/cgit/grep.git


  Full PoC of actually "abusing" this vulnerability (ls -la within grep)
  can be provided, if 100% needed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473/+subscriptions
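
The NEWS entry quoted in the bug description attributes the crash to line lengths that do not fit in 'int'. As an added illustration (not grep's code and not part of the original message; every name in it is hypothetical), this C sketch accumulates a line's length in size_t across chunked reads and refuses to narrow it to int once it exceeds INT_MAX:

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not grep's implementation. */
struct line_scan {
    size_t cur;      /* bytes seen so far in the current line */
    size_t longest;  /* longest line seen, complete or still open */
};

/* Feed one chunk. The running length lives in size_t, never in int. */
static void scan_feed(struct line_scan *s, const char *buf, size_t n)
{
    while (n > 0) {
        const char *nl = memchr(buf, '\n', n);
        size_t seg = nl ? (size_t)(nl - buf) : n;
        /* Saturate instead of wrapping if even size_t would overflow. */
        s->cur = seg > SIZE_MAX - s->cur ? SIZE_MAX : s->cur + seg;
        if (s->cur > s->longest) s->longest = s->cur;
        if (!nl) break;          /* line continues in the next chunk */
        s->cur = 0;              /* newline closes the line */
        buf = nl + 1;
        n -= seg + 1;
    }
}

/* Checked narrowing for an int-based API: 0 on success, -1 if too long. */
static int len_to_int(size_t len, int *out)
{
    if (len > (size_t)INT_MAX) return -1;   /* report an error, do not cast */
    *out = (int)len;
    return 0;
}

/* Constructed input: one 1 MiB block of 'x' fed `chunks` times, no newline. */
static size_t longest_after_chunks(size_t chunks)
{
    static char block[1 << 20];
    struct line_scan s = {0, 0};
    memset(block, 'x', sizeof block);
    for (size_t i = 0; i < chunks; i++) scan_feed(&s, block, sizeof block);
    return s.longest;
}

int main(void)
{
    int v;
    size_t n = longest_after_chunks(2048);  /* 2048 MiB = 2^31 bytes */
    printf("longest line: %zu bytes, fits in int: %s\n",
           n, len_to_int(n, &v) == 0 ? "yes" : "no");
    return 0;
}
```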



