On Tue, Nov 7, 2017 at 5:58 AM, Alex Nichols <alex.nich...@cyberowl.io> wrote: [...] > In order to trigger the bug I executed the command *`*cat sploit.buf*`* > where sploit.buf is a just over 2GB file of ‘A’ characters. When this > command is executed the bash terminal crashes with the following error > “Bash: xrealloc: .././subst.c:5977: cannot allocate 1073741824 bytes > (2149011456 bytes allocated)”, on Ubuntu 17.10 64 bit. This error message > appears to vary on different Linux distros. On Kali 2017.2 64 bit the error > message is ” Bash: xrealloc: .././subst.c:5977: cannot allocate > 18446744071562067968 bytes (4296613888 bytes allocated)”. [...]
This is a normal memory exhaustion problem. You are asking bash to allocate over 2 GiB of heap memory, and your system is unable to provide that amount of memory. > This bug may present a potential security risk as a malicious user may be > able to crash a users bash session by tricking them into executing a > malicious bash script. [...] This is not a security issue. If you can trick a user into running this script, why stop there? Why not instead encrypt the file system and hold it for ransom? or delete it? Or steal credentials by uploading ~/.netrc, ~/.ssh/id_rsa, ~/.aws/credentials, ... You will find this problem in any program that allocates memory dynamically. Try allocating a >2 GiB in python, ruby, perl, php, awk, ...
