|
Full Disclosure
mailing list archives
Re: New Source Code Vulnerability Scanner (Free 30 Day Trial)
From: Georgi Guninski <guninski () guninski com>
Date: Sat, 4 Dec 2010 14:26:08 +0200
On Sat, Dec 04, 2010 at 12:53:11PM +0100, netinfinity wrote:
I was thinking about another way to possible bypass this code.
POC:
grep -fruit
will trick the system into thinking it is a fruit thus crashing because of
stackoverflow and juice overflow.
the issue you describe is documented in the grep man page:
Known Bugs
In addition, certain other obscure regular expressions require exponential time and space, and may cause grep to run
out of memory.
ls -lth /proc/kcore
-r-------- 1 root root 128T 2010-12-04 14:21 /proc/kcore # *T*
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial), (continued)
Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Jens Christian Hillerup (Dec 02)
Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Cal Leeming [Simplicity Media Ltd] (Dec 02)
Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Michael McGraw-Herdeg (Dec 02)
Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) IA64 LOL (Dec 02)
Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Michal Zalewski (Dec 03)
| 
