[Bug 1808095] [NEW] uniq is not checking and handling all file types

Anoop Nadig 1808095 at bugs.launchpad.net
Wed Dec 12 05:23:15 UTC 2018 

*** This bug is a security vulnerability ***

Public security bug reported:

Hi,

The utility uniq allows all types of files as input. Allowing block
devices or character devices as input can lead to unwanted behavior such
as the utility executes indefinitely when device '/dev/urandom' is
passed as an input. Please refer this for more information regarding
this issue
(https://github.com/pkmoore/rrapper/blob/master/anomalies/weird_filetypes.md).

I've included a patch which checks and handles character devices and
block devices when passed as input. Please get back to me for more
information.

Regards,
Anoop Nadig

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: coreutils 8.28-1ubuntu1
ProcVersionSignature: Ubuntu 4.15.0-42.45-generic 4.15.18
Uname: Linux 4.15.0-42-generic i686
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: i386
CurrentDesktop: XFCE
Date: Tue Dec 11 20:23:32 2018
ExecutablePath: /usr/bin/uniq
InstallationDate: Installed on 2018-11-07 (35 days ago)
InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Release i386 (20180426)
SourcePackage: coreutils
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: coreutils (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apport-bug bionic i386

** Patch added: "Patch for detecting and handling character and block device as input"
   https://bugs.launchpad.net/bugs/1808095/+attachment/5221550/+files/uniq.patch

** Patch removed: "Patch for detecting and handling character and block device as input"
   https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/1808095/+attachment/5221550/+files/uniq.patch

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to coreutils in Ubuntu.
https://bugs.launchpad.net/bugs/1808095

Title:
  uniq is not checking and handling all file types

Status in coreutils package in Ubuntu:
  New

Bug description:
  Hi,

  The utility uniq allows all types of files as input. Allowing block
  devices or character devices as input can lead to unwanted behavior
  such as the utility executes indefinitely when device '/dev/urandom'
  is passed as an input. Please refer this for more information
  regarding this issue
  (https://github.com/pkmoore/rrapper/blob/master/anomalies/weird_filetypes.md).

  I've included a patch which checks and handles character devices and
  block devices when passed as input. Please get back to me for more
  information.

  Regards,
  Anoop Nadig

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: coreutils 8.28-1ubuntu1
  ProcVersionSignature: Ubuntu 4.15.0-42.45-generic 4.15.18
  Uname: Linux 4.15.0-42-generic i686
  ApportVersion: 2.20.9-0ubuntu7.5
  Architecture: i386
  CurrentDesktop: XFCE
  Date: Tue Dec 11 20:23:32 2018
  ExecutablePath: /usr/bin/uniq
  InstallationDate: Installed on 2018-11-07 (35 days ago)
  InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Release i386 (20180426)
  SourcePackage: coreutils
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/1808095/+subscriptions

More information about the foundations-bugs mailing list