Vulnerabilities > CVE-2015-1345 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 | |
| OS | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-1447.NASL description Updated grep packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The grep utility searches through textual input for lines that contain a match to a specified pattern and then prints the matching lines. The GNU grep utilities include grep, egrep, and fgrep. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way grep parsed large lines of data. An attacker able to trick a user into running grep on a specially crafted data file could use this flaw to crash grep or, potentially, execute arbitrary code with the privileges of the user running grep. (CVE-2012-5667) A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. (CVE-2015-1345) The grep packages have been upgraded to upstream version 2.20, which provides a number of bug fixes and enhancements over the previous version. Notably, the speed of various operations has been improved significantly. Now, the recursive grep utility uses the fts function of the gnulib library for directory traversal, so that it can handle much larger directories without reporting the last seen 2020-06-01 modified 2020-06-02 plugin id 84948 published 2015-07-23 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84948 title RHEL 6 : grep (RHSA-2015:1447) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-1447.NASL description Updated grep packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The grep utility searches through textual input for lines that contain a match to a specified pattern and then prints the matching lines. The GNU grep utilities include grep, egrep, and fgrep. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way grep parsed large lines of data. An attacker able to trick a user into running grep on a specially crafted data file could use this flaw to crash grep or, potentially, execute arbitrary code with the privileges of the user running grep. (CVE-2012-5667) A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. (CVE-2015-1345) The grep packages have been upgraded to upstream version 2.20, which provides a number of bug fixes and enhancements over the previous version. Notably, the speed of various operations has been improved significantly. Now, the recursive grep utility uses the fts function of the gnulib library for directory traversal, so that it can handle much larger directories without reporting the last seen 2020-06-01 modified 2020-06-02 plugin id 85022 published 2015-07-28 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85022 title CentOS 6 : grep (CESA-2015:1447) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-598.NASL description An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way grep parsed large lines of data. An attacker able to trick a user into running grep on a specially crafted data file could use this flaw to crash grep or, potentially, execute arbitrary code with the privileges of the user running grep. (CVE-2012-5667) A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. (CVE-2015-1345) last seen 2020-06-01 modified 2020-06-02 plugin id 86076 published 2015-09-23 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86076 title Amazon Linux AMI : grep (ALAS-2015-598) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-1447.NASL description From Red Hat Security Advisory 2015:1447 : Updated grep packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The grep utility searches through textual input for lines that contain a match to a specified pattern and then prints the matching lines. The GNU grep utilities include grep, egrep, and fgrep. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way grep parsed large lines of data. An attacker able to trick a user into running grep on a specially crafted data file could use this flaw to crash grep or, potentially, execute arbitrary code with the privileges of the user running grep. (CVE-2012-5667) A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. (CVE-2015-1345) The grep packages have been upgraded to upstream version 2.20, which provides a number of bug fixes and enhancements over the previous version. Notably, the speed of various operations has been improved significantly. Now, the recursive grep utility uses the fts function of the gnulib library for directory traversal, so that it can handle much larger directories without reporting the last seen 2020-06-01 modified 2020-06-02 plugin id 85108 published 2015-07-30 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85108 title Oracle Linux 6 : grep (ELSA-2015-1447) NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-121.NASL description grep was updated to fix one security issue. This security issue was fixed : - Heap buffer overrun with a carefully crafted combination of input and regexp (CVE-2015-1345). last seen 2020-06-05 modified 2015-02-10 plugin id 81253 published 2015-02-10 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81253 title openSUSE Security Update : grep (openSUSE-2015-121) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-2111.NASL description Updated grep packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The grep utility searches through textual input for lines that contain a match to a specified pattern and then prints the matching lines. The GNU grep utilities include grep, egrep, and fgrep. A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. (CVE-2015-1345) This update also fixes the following bugs : * Prior to this update, the \w and \W symbols were inconsistently matched to the [:alnum:] character class. Consequently, using regular expressions with last seen 2020-06-01 modified 2020-06-02 plugin id 87131 published 2015-12-02 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87131 title CentOS 7 : grep (CESA-2015:2111) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-2111.NASL description Updated grep packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The grep utility searches through textual input for lines that contain a match to a specified pattern and then prints the matching lines. The GNU grep utilities include grep, egrep, and fgrep. A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. (CVE-2015-1345) This update also fixes the following bugs : * Prior to this update, the \w and \W symbols were inconsistently matched to the [:alnum:] character class. Consequently, using regular expressions with last seen 2020-06-01 modified 2020-06-02 plugin id 86931 published 2015-11-19 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86931 title RHEL 7 : grep (RHSA-2015:2111) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL42891424.NASL description The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. (CVE-2015-1345) last seen 2020-06-01 modified 2020-06-02 plugin id 101093 published 2017-06-29 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101093 title F5 Networks BIG-IP : Grep vulnerability (K42891424) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-2111.NASL description From Red Hat Security Advisory 2015:2111 : Updated grep packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The grep utility searches through textual input for lines that contain a match to a specified pattern and then prints the matching lines. The GNU grep utilities include grep, egrep, and fgrep. A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. (CVE-2015-1345) This update also fixes the following bugs : * Prior to this update, the \w and \W symbols were inconsistently matched to the [:alnum:] character class. Consequently, using regular expressions with last seen 2020-06-01 modified 2020-06-02 plugin id 87022 published 2015-11-24 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87022 title Oracle Linux 7 : grep (ELSA-2015-2111) NASL family Scientific Linux Local Security Checks NASL id SL_20150722_GREP_ON_SL6_X.NASL description An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way grep parsed large lines of data. An attacker able to trick a user into running grep on a specially crafted data file could use this flaw to crash grep or, potentially, execute arbitrary code with the privileges of the user running grep. (CVE-2012-5667) A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. (CVE-2015-1345) The grep packages have been upgraded to upstream version 2.20, which provides a number of bug fixes and enhancements over the previous version. Notably, the speed of various operations has been improved significantly. Now, the recursive grep utility uses the fts function of the gnulib library for directory traversal, so that it can handle much larger directories without reporting the last seen 2020-03-18 modified 2015-08-04 plugin id 85194 published 2015-08-04 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85194 title Scientific Linux Security Update : grep on SL6.x i386/x86_64 (20150722) NASL family Scientific Linux Local Security Checks NASL id SL_20151119_GREP_ON_SL7_X.NASL description A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. (CVE-2015-1345) This update also fixes the following bugs : - Prior to this update, the \w and \W symbols were inconsistently matched to the [:alnum:] character class. Consequently, using regular expressions with last seen 2020-03-18 modified 2015-12-22 plugin id 87557 published 2015-12-22 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87557 title Scientific Linux Security Update : grep on SL7.x x86_64 (20151119) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201502-14.NASL description The remote host is affected by the vulnerability described in GLSA-201502-14 (grep: Denial of Service) A heap buffer overrun has been fixed in the bmexec_trans function in kwset.c. Impact : A local user can cause Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 81535 published 2015-02-26 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81535 title GLSA-201502-14 : grep: Denial of Service NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2016-639.NASL description A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory. last seen 2020-06-01 modified 2020-06-02 plugin id 87973 published 2016-01-19 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87973 title Amazon Linux AMI : grep (ALAS-2016-639)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://debbugs.gnu.org/cgi/bugreport.cgi?bug=19563
- http://git.savannah.gnu.org/cgit/grep.git/commit/?id=83a95bd8c8561875b948cadd417c653dbe7ef2e2
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00037.html
- http://rhn.redhat.com/errata/RHSA-2015-1447.html
- http://www.openwall.com/lists/oss-security/2015/01/22/10
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/72281