Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New Source Code Vulnerability Scanner (Free 30 Day Trial)

From: Georgi Guninski <guninski () guninski com>
Date: Sat, 4 Dec 2010 14:26:08 +0200
On Sat, Dec 04, 2010 at 12:53:11PM +0100, netinfinity wrote:

I was thinking about another way to possible bypass this code.

POC:

grep -fruit

will trick the system into thinking it is a fruit thus crashing because of
stackoverflow and juice overflow.




the issue you describe is documented in the grep man page:

Known Bugs

In addition, certain other obscure regular expressions require exponential time and space, and may cause grep to  run  
out  of memory.

ls -lth /proc/kcore 
-r-------- 1 root root 128T 2010-12-04 14:21 /proc/kcore # *T*

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: