oss-sec mailing list archives
Re: CVE-Request - GNU Awk.
From: "Yuriy M. Kaminskiy" <yumkam () gmail com>
Date: Mon, 14 Mar 2016 16:55:14 +0300
On 14.03.2016 15:26, Tomas Hoger wrote:
On Mon, 14 Mar 2016 06:32:28 +0000 Steve Kemp wrote:I reported two DoS bugs against GNU Awk to the debian bug tracker recently, both of which are denial of service attacks causing NULL-pointer deferences. It would be useful to have a CVE identifiers assigned.Why should these get a CVE? As you state in one of your reports: While I appreciate that passing untrusted code to gawk is not a common thing to do, I do not believe that it should be possible to trigger a segfault though. Why should that be considered a valid / safe use case at all? If something makes awk run untrusted programs, there's code execution problem already: echo | awk '{ system("id") }'
What if someone generates awk script using data from untrusted source, and avoids all theoretically-dangerous constructs (like system()), but their filter miss something theoretically-innocent that can trigger SIGSEGV (or worse) due to bug in gawk.
Current thread:
- CVE-Request - GNU Awk. Steve Kemp (Mar 13)
- Re: CVE-Request - GNU Awk. Tomas Hoger (Mar 14)
- Re: CVE-Request - GNU Awk. Yuriy M. Kaminskiy (Mar 14)
- Re: Re: CVE-Request - GNU Awk. Kurt Seifried (Mar 14)
- Re: Re: CVE-Request - GNU Awk. Bob Friesenhahn (Mar 14)
- Re: CVE-Request - GNU Awk. Yuriy M. Kaminskiy (Mar 14)
- Re: CVE-Request - GNU Awk. Tomas Hoger (Mar 14)
- <Possible follow-ups>
- Re: CVE-Request - GNU Awk. Steve Kemp (Mar 14)