On Sun, 05 Jul 2020 14:40:19 +0200 Atri Bhattacharya <badshah400@opensuse.org> wrote:
> Dave,
> On Sun, 2020-07-05 at 11:59 +0100, Dave Howorth wrote:
> > I just looked at the openSUSE bug report and went from there to various other links, including https://www.exploit-db.com/exploits/45760 but I still don't understand what the vulnerability actually is?
> > It claims "Artha The Open Thesaurus 1.0.3.0 - Denial of Service (PoC)"
> > (and note that Artha says it is a thesaurus rather than a spelling app)
> > and the exploit itself is a python script that creates a small file containing 256 instances of the letter 'A'.
> > But I don't understand what this has to do with Artha? Or what problem it causes (or even can cause?) What is one supposed to do with this script and Artha to cause a DOS? And what exactly gets DOSed - just Artha or my entire system or what? And how exactly would a python script get into my system and somehow run to interact with Artha to cause whatever problem is alleged?
> > Exactly what is the alleged problem?
> I am not an expert here, but that has never stopped me from hazarding a guess ;-)

Thanks for your reply. I'm definitely not an expert either but I'm trying to understand what the problem is.

> The problem seems to be that artha has a buffer overflow in its code, which can be exploited by a specifically crafted script -- the python script in that example, for instance -- to DDOS your system. The python script can get into your system by any number of ways: website caches, downloading malicious attachments from emails, etc.
> The exploit has been in the open since 2018 -- not just alleged, but demonstrated and reproduced using that script -- so I would think it is, by now, rather straightforward for anyone to exploit.

Well, I'd like to reproduce the problem using the script but I don't understand how to. There don't seem to be any instructions for what to do with the script to invoke the bug. Just running the script simply creates the text file. Pasting the script itself into Artha's query box produces a message: "Regular expression pattern detected "No matches found! Please check your expression and try again." Pasting the name of the text file, or pasting the contents of the text file both produce the same error message: "Queried string not found in thesaurus!" So I don't understand what the alleged bug is, nor do I see a plausible method by which any bug could be invoked by that script without active cooperation from the victim. Maybe it's just my ignorance and I've missed something somewhere that explains what is supposed to be the problem? How could the original author or anybody else fix the 'bug' if they can't find out how to invoke it?

Cheers,
-- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org