The Precise Pangolin has reached end of life, so this bug will not be
fixed for that release
** Changed in: grep (Ubuntu Precise)
Status: Triaged => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
lucid has seen the end of its life and is no longer receiving any
updates. Marking the lucid task for this ticket as Won't Fix.
** Changed in: grep (Ubuntu Lucid)
Status: Triaged = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
This was fixed in 2.11-1, so Ubuntu 12.10 and 13.04 are not affected.
** Also affects: grep (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: grep (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: grep (Ubuntu Quantal)
Importance:
After more analysis, it may not be vulnerable to command execution.
Not sure.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1091473
Title:
grep 2.11 is vulnerable to Arbitrary command
Under MORE analysis, it does appear to allow command execution, but I can't get
the ls -la working.
I'm a noob at asm.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1091473
Title:
grep
perl -e 'print xx(2**31)' | grep x /dev/null
just run that
if that's what you mean by a reproducer
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1091473
Title:
grep 2.11 is vulnerable to
Joshua Rogers
Full PoC of actually abusing this vulnerablility(ls -la within grep) can be
provided, if 100% needed.
We need it (full PoC).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
** Tags added: precise upgrade-software-version
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1091473
Title:
grep 2.11 is vulnerable to Arbitrary command execution
To manage notifications
Thanks Joshua,
Kurt Seifried has expressed an interest in a reproducer, so if you have
one available, please do attach it.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1091473
Title:
grep
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-5667
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1091473
Title:
grep 2.11 is vulnerable to Arbitrary command
** Changed in: grep (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1091473
Title:
grep 2.11 is vulnerable to Arbitrary command execution
To manage
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1091473
Title:
grep 2.11 is vulnerable to Arbitrary command execution
To manage
12 matches
Mail list logo
