===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.0297
                          Vulnerabilities in grep
                             28 February 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           grep
Publisher:         NetBSD
Operating System:  NetBSD
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-5667  

Original Bulletin: 
   http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-004.txt.asc

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than NetBSD. It is recommended that administrators 
         running grep check for an updated version of the software for their
         operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

		 NetBSD Security Advisory 2013-004
		 =================================

Topic:		Vulnerabilities in grep

Version:	NetBSD-current:		affected prior to Jan 5th, 2013
		NetBSD 6.0.*:		affected
		NetBSD 6.0:		affected
		NetBSD 5.2.*:		affected
		NetBSD 5.1.*:		affected
		NetBSD 5.0.*:		affected
		pkgsrc:			textproc/grep prior to 2.13


Severity:	Arbitrary Code Execution

Fixed:		NetBSD-current:		Jan 5th, 2013
		NetBSD-6-0 branch:	Jan 13th, 2013
		NetBSD-6 branch:	Jan 13th, 2013
		NetBSD-5-2 branch:	Jan 13th, 2013
		NetBSD-5-1 branch:	Jan 13th, 2013
		NetBSD-5-0 branch:	Jan 13th, 2013
		NetBSD-5 branch:	Jan 13th, 2013
		pkgsrc textproc/grep:	grep-2.13 corrects this issue

Please note that NetBSD releases prior to 5.0 are no longer supported.
It is recommended that all users upgrade to a supported release.


Abstract
========

Multiple integer overflows in GNU Grep before 2.11 might allow
context-dependent attackers to execute arbitrary code via vectors
involving a long input line that triggers a heap-based buffer overflow.

This vulnerability has been assigned CVE-2012-5667.


Technical Details
=================

See http://openwall.com/lists/oss-security/2012/12/22/6
The PCRE aspect of the vulnerability does not apply to NetBSD.
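
Added illustration of the bug class named in the Abstract (not code from GNU grep or NetBSD; all function names are hypothetical): a line's byte count kept in a 32-bit signed length wraps at 2^31, so a buffer sized from it is far smaller than the line. The checked variant refuses the request instead; its cap parameter is an assumed policy limit.

```c
#include <stdint.h>
#include <stdio.h>

/* "Before" pattern: the true byte count of a line is stored in a 32-bit
 * signed length. The wrap is computed with unsigned arithmetic so that
 * this demonstration itself has defined behaviour. */
static int32_t length_as_int32(uint64_t line_bytes)
{
    uint32_t low = (uint32_t)(line_bytes & 0xffffffffu);

    if (low <= (uint32_t)INT32_MAX)
        return (int32_t)low;
    return (int32_t)(low - 0x80000000u) + INT32_MIN;
}

/* Buffer size the "before" pattern would ask for: wrapped length plus one
 * terminator byte. Returns 0 when the wrapped length is negative. */
static uint64_t undersized_request(uint64_t line_bytes)
{
    int32_t len = length_as_int32(line_bytes);

    return len < 0 ? 0 : (uint64_t)len + 1;
}

/* "After" pattern: keep the length in a wide unsigned type and reject any
 * size that wraps or exceeds the caller's cap (hypothetical policy limit).
 * Returns 0 and stores the size on success, -1 on rejection. */
static int checked_request(uint64_t line_bytes, uint64_t extra,
                           uint64_t cap, uint64_t *out)
{
    if (extra > UINT64_MAX - line_bytes)   /* the sum would wrap */
        return -1;
    if (line_bytes + extra > cap)          /* larger than policy allows */
        return -1;
    *out = line_bytes + extra;
    return 0;
}

int main(void)
{
    const uint64_t two_gib = (uint64_t)1 << 31, four_gib = (uint64_t)1 << 32;
    uint64_t sz = 0;

    printf("2 GiB line seen as length %ld\n", (long)length_as_int32(two_gib));
    printf("4 GiB + 5 byte line requests %llu bytes\n",
           (unsigned long long)undersized_request(four_gib + 5));
    printf("checked request for a 2 GiB line: %s\n",
           checked_request(two_gib, 1, 1u << 20, &sz) ? "rejected" : "accepted");
    return 0;
}
```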


Solutions and Workarounds
=========================

Workaround:

Don't run grep against files of dubious provenance with lines of 2 GB
or longer.
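
One way to apply this workaround is to screen a file's line lengths before an unpatched grep reads it. The checker below is an added example, not part of the NetBSD advisory or its fix; the names line_reaches_limit and GREP_LINE_LIMIT are hypothetical, and "2 GB" is assumed to mean 2^31 bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: the advisory's "2 GB" is read as 2^31 bytes (INT_MAX + 1). */
#define GREP_LINE_LIMIT ((uint64_t)1 << 31)

/* Returns 1 if some line in fp holds `limit` or more bytes (newline not
 * counted), 0 if every line is shorter, -1 on a read error. Lengths are
 * tracked in 64 bits so the checker does not repeat the bug, and the scan
 * stops at the first offending line. */
static int line_reaches_limit(FILE *fp, uint64_t limit)
{
    unsigned char buf[65536];
    uint64_t cur = 0;               /* bytes seen in the current line */
    size_t n;

    while ((n = fread(buf, 1, sizeof buf, fp)) > 0) {
        size_t pos = 0;
        while (pos < n) {
            unsigned char *nl = memchr(buf + pos, '\n', n - pos);
            size_t run = nl ? (size_t)(nl - (buf + pos)) : n - pos;

            cur += run;
            if (cur >= limit)
                return 1;
            pos += run;
            if (nl) {               /* line ended: reset and skip '\n' */
                cur = 0;
                pos++;
            }
        }
    }
    return ferror(fp) ? -1 : 0;
}

/* Usage: ./linecheck FILE ; exit status 0 means no line reaches the limit. */
int main(int argc, char **argv)
{
    FILE *fp;
    int rc;

    if (argc != 2 || (fp = fopen(argv[1], "rb")) == NULL) {
        fprintf(stderr, "usage: %s FILE\n", argc ? argv[0] : "linecheck");
        return 2;
    }
    rc = line_reaches_limit(fp, GREP_LINE_LIMIT);
    fclose(fp);
    if (rc == 1)
        fprintf(stderr, "%s: line of 2 GB or longer, do not grep\n", argv[1]);
    return rc == 0 ? 0 : 1;
}
```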

Fix:

Replace grep with a fixed version.

The fastest method to do that is to obtain a base.tgz matching
your system from http://nyftp.netbsd.org/pub/NetBSD-daily/ 
dated 20130114 or later, and to extract ./usr/bin/egrep,
./usr/bin/fgrep and ./usr/bin/grep as well as ./rescue/egrep,
./rescue/fgrep and ./rescue/grep from it.


The following instructions describe how to upgrade your grep
binaries by updating your source tree and rebuilding and
installing a new version of grep.

	The following files contain the fix:

	gnu/dist/grep/lib/getopt.c
	gnu/dist/grep/lib/regex.c
	gnu/dist/grep/src/ansi2knr.c
		HEAD		1.2
		netbsd-6	1.1.1.1.56.1
		netbsd-6-0	1.1.1.1.62.1
		netbsd-5	1.1.1.1.38.1
		netbsd-5-2	1.1.1.1.64.1
		netbsd-5-1	1.1.1.1.46.1
		netbsd-5-0	1.1.1.1.42.1
	gnu/dist/grep/src/dfa.c	
		HEAD		1.3
		netbsd-6	1.2.56.1
		netbsd-6-0	1.2.62.1
		netbsd-5	1.2.38.1
		netbsd-5-2	1.2.64.1
		netbsd-5-1	1.2.46.1
		netbsd-5-0	1.2.42.1
	gnu/dist/grep/src/grep.c
		HEAD		1.14
		netbsd-6	1.13.8.1
		netbsd-6-0	1.13.14.1
		netbsd-5	1.12.4.1
		netbsd-5-2	1.12.2.1
		netbsd-5-1	1.12.12.1
		netbsd-5-0	1.12.8.1
	gnu/dist/grep/src/search.c
		HEAD		1.4
		netbsd-6	1.3.20.1
		netbsd-6-0	1.3.26.1
		netbsd-5	1.3.4.1
		netbsd-5-2	1.3.28.1
		netbsd-5-1	1.3.12.1
		netbsd-5-0	1.3.8.1

	To update from CVS, re-build, and re-install grep:
		# cd src
		# cvs update -d -P gnu/dist/grep
		# cd gnu/usr.bin/grep
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install
		# cd ../../../usr.bin/ldd
		# make USETOOLS=no cleandir dependall
		# cd ../../rescue
		# make USETOOLS=no cleandir dependall
		# make USETOOLS=no install


Thanks To
=========

Joshua Rogers for identifying the problem in GNU grep.
Ignatios Souvatzis and Alan Barrett for collaborating on a GPLv2 fix.


Revision History
================

	2013-02-26	Initial release


More Information
================

Advisories may be updated as new information becomes available.
The most recent version of this advisory (PGP signed) can be found at 
  http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2013-004.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.org/ and http://www.NetBSD.org/Security/ .

Copyright 2013, The NetBSD Foundation, Inc.  All Rights Reserved.
Redistribution permitted only in full, unmodified form.

$NetBSD: NetBSD-SA2013-004.txt,v 1.1 2013/02/26 19:45:50 tonnerre Exp $

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================