CVE-2012-5667: buffer overflow with overly long input lines

Related Vulnerabilities: CVE-2012-5667  

Debian Bug report logs - #701897

Package: grep; Maintainer for grep is Anibal Monsalve Salazar <anibal@debian.org>; Source for grep is src:grep.

Reported by: Raphael Geissert <geissert@debian.org>

Date: Thu, 28 Feb 2013 15:57:05 UTC

Severity: grave

Tags: security

Found in version grep/2.6.3-3

Fixed in versions grep/2.11-1, grep/2.6.3-3+squeeze1

Done: Santiago Ruano Rincón <santiago@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, secure-testing-team@lists.alioth.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#701897; Package grep. (Thu, 28 Feb 2013 15:57:07 GMT)


Acknowledgement sent to Raphael Geissert <geissert@debian.org>:
New Bug report received and forwarded. Copy sent to secure-testing-team@lists.alioth.debian.org, Anibal Monsalve Salazar <anibal@debian.org>. (Thu, 28 Feb 2013 15:57:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Raphael Geissert <geissert@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2012-5667: buffer overflow with overly long input lines
Date: Thu, 28 Feb 2013 16:55:40 +0100
Package: grep
Severity: grave
Version: 2.6.3-3
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org

Hi,
the following vulnerability was published for grep.

CVE-2012-5667[0]:
| Multiple integer overflows in GNU Grep before 2.11 might allow
| context-dependent attackers to execute arbitrary code via vectors
| involving a long input line that triggers a heap-based buffer
| overflow.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5667
    http://security-tracker.debian.org/tracker/CVE-2012-5667
Please adjust the affected versions in the BTS as needed.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net



Marked as fixed in versions grep/2.11-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 28 Feb 2013 18:57:11 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#701897; Package grep. (Thu, 28 Feb 2013 20:57:06 GMT)


Acknowledgement sent to Gianluca Ciccarelli <galiziacentrale@gmail.com>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Thu, 28 Feb 2013 20:57:06 GMT)


Message #12 received at 701897@bugs.debian.org:

From: Gianluca Ciccarelli <galiziacentrale@gmail.com>
To: 701897@bugs.debian.org
Subject: CVE-2012-5667: buffer overflow with overly long input lines
Date: Thu, 28 Feb 2013 21:56:12 +0100
tags 701897 squeeze unreproducible
--

I have tried the PoC proposed by the original reporter, but
have different outcomes:
- On a running squeeze distribution, nothing happens. No
  segfaults, in particular.
- On a wheezy machine, I downloaded version 2.6.3's .dsc
  from the QA page's link, configured, and built it; when I
  run the PoC, I get:
    grep: memory exhausted
  which is the same result that I get when I use the version
  installed on the machine.

The notes on the Debian Security Tracker, however, suggest
that the segfault is reproducible. It would be interesting
to know other voices on this.

I tag the issue with `squeeze' because it is the only
possibly vulnerable version (<2.11).

-- 
Gianluca Ciccarelli
GPG key ID: 0x39BBDB6C

Added tag(s) unreproducible and squeeze. Request was from Gianluca Ciccarelli <galiziacentrale@gmail.com> to control@bugs.debian.org. (Thu, 28 Feb 2013 21:06:05 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#701897; Package grep. (Thu, 28 Feb 2013 21:57:03 GMT)


Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Thu, 28 Feb 2013 21:57:03 GMT)


Message #19 received at 701897@bugs.debian.org:

From: Julien Cristau <jcristau@debian.org>
To: Gianluca Ciccarelli <galiziacentrale@gmail.com>, 701897@bugs.debian.org
Subject: Re: Bug#701897: CVE-2012-5667: buffer overflow with overly long input lines
Date: Thu, 28 Feb 2013 22:56:08 +0100
On Thu, Feb 28, 2013 at 21:56:12 +0100, Gianluca Ciccarelli wrote:

> I tag the issue with `squeeze' because it is the only
> possibly vulnerable version (<2.11).
> 
Please don't do that.  That's not what the suite tags are for, version
tracking does that job (I removed the tag).

Cheers,
Julien

Removed tag(s) squeeze. Request was from Julien Cristau <jcristau@debian.org> to control@bugs.debian.org. (Thu, 28 Feb 2013 21:57:05 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#701897; Package grep. (Mon, 04 Mar 2013 10:33:03 GMT)


Acknowledgement sent to Raphael Geissert <geissert@debian.org>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Mon, 04 Mar 2013 10:33:03 GMT)


Message #26 received at 701897@bugs.debian.org:

From: Raphael Geissert <geissert@debian.org>
To: 701897@bugs.debian.org
Cc: Gianluca Ciccarelli <galiziacentrale@gmail.com>
Subject: Re: Bug#701897: CVE-2012-5667: buffer overflow with overly long input lines
Date: Mon, 4 Mar 2013 11:29:29 +0100
Hi,

The issue can easily be reproduced on an x86_64 system running squeeze
with the public reproducer.
Valgrind also shows the issue (but beware of the time and memory it takes).

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net



Removed tag(s) unreproducible. Request was from Michael Gilbert <mgilbert@debian.org> to control@bugs.debian.org. (Sat, 16 Mar 2013 20:15:11 GMT)


Reply sent to Santiago Ruano Rincón <santiago@debian.org>:
You have taken responsibility. (Sat, 10 Aug 2013 15:51:09 GMT)


Notification sent to Raphael Geissert <geissert@debian.org>:
Bug acknowledged by developer. (Sat, 10 Aug 2013 15:51:09 GMT)


Message #33 received at 701897-close@bugs.debian.org:

From: Santiago Ruano Rincón <santiago@debian.org>
To: 701897-close@bugs.debian.org
Subject: Bug#701897: fixed in grep 2.6.3-3+squeeze1
Date: Sat, 10 Aug 2013 15:48:02 +0000
Source: grep
Source-Version: 2.6.3-3+squeeze1

We believe that the bug you reported is fixed in the latest version of
grep, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 701897@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Ruano Rincón <santiago@debian.org> (supplier of updated grep package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 25 Jul 2013 10:13:24 +0200
Source: grep
Binary: grep
Architecture: source amd64
Version: 2.6.3-3+squeeze1
Distribution: oldstable
Urgency: low
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Santiago Ruano Rincón <santiago@debian.org>
Description: 
 grep       - GNU grep, egrep and fgrep
Closes: 701897
Changes: 
 grep (2.6.3-3+squeeze1) oldstable; urgency=low
 .
   * Fixes CVE-2012-5667. Patch by Jaroslav Škarvada
     https://bugzilla.redhat.com/show_bug.cgi?id=889935
     Closes: #701897




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 08 Sep 2013 07:32:56 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:50:20 2019; Machine Name: beach
