投稿
https://cxsecurity.com/issue/WLB-2019110168
pari/gp 2.x Arbitrary File Overwrite - CXSecurity.com
| 漏洞ID | 1838013 | 漏洞类型 | |
| 发布时间 | 2019-11-27 | 更新时间 | 2019-11-27 |
 CVE编号
|
N/A |  CNNVD-ID
|
N/A |
| 漏洞平台 | N/A | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
pari/gp on debian stable allow arbitrary file write
pari/gp is CAS (computer algebra system).
pari/gp version 2.9.1 on debian stretch and 2.11 on debian buster
allow arbitrary file write and hence arbitrary code execution.
poc:
========
\\ a.gp
\\ to run: \r a.gp
default("logfile","/tmp/a.txt");default("log",1);print("log(1)");
========
Of mathematical interest is pari was missing solutions
to Thue equations when assuming GRH (the fix changed polynomial
bound to exponential bound):
http://pari.math.u-bordeaux.fr/archives/pari-dev-1207/msg00000.html
t=thue(thueinit(x^3+92*x+1,0),3^3);t
--
CV: https://j.ludost.net/resumegg.pdf
site: http://www.guninski.com
blog: https://j.ludost.net/blog
检索漏洞
开始时间
结束时间