Bugtraq mailing list archives

Re: Possible Solaris 2.6 hole at(1M)


From: casper () HOLLAND SUN COM (Casper Dik)
Date: Thu, 4 Dec 1997 21:52:19 +0100


hi,

In Solaris 2.6, at(1M) SIGBUS's when it is run from a directory more than
512 bytes long. I couldn't tell you if this is exploitable, but it
looks promising. It's just the at program itself it seems, even though
it's dynamically linked, doesn't seem like a problem with the libraries.


You haven't been reading up on Solaris patch reports by chance?


Patch-ID# 105393-01
Keywords: security at 512 bus error
Synopsis: SunOS 5.6: /usr/bin/at patch
Date: Oct/14/97

Solaris Release: 2.6

SunOS Release: 5.6

...

Files included with this patch:

/usr/bin/at

Problem Description:

4063161 *at* from 512 byte long directory gives bus error.

All at patches are (dating from August - Oct):

102693-05: SunOS 5.4: at/atrm/atq/cron/crontab patch
102694-05: SunOS 5.4_x86: /usr/bin/at patch
103690-05: SunOS 5.5.1: cron/crontab/at/atq/atrm patch
103691-05: SunOS 5.5.1_x86: cron/crontab/at/atq/atrm patch
103723-05: SunOS 5.5: /usr/bin/at patch
103724-05: SunOS 5.5_x86: /usr/bin/at patch
105393-01: SunOS 5.6: /usr/bin/at patch
105394-01: SunOS 5.6_x86: /usr/bin/at patch
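
The patch list above can be turned into a host check. The following is an added example, not part of the original message or of any Sun tooling: it reads `showrev -p` output and reports whether the at patch for the release is present at the listed revision or later. The function names, the `uname -r` / `uname -p` mapping and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
AWK=${AWK:-awk}   # on Solaris set AWK=nawk; the old /usr/bin/awk has no -v option

# Patch carrying the at fix for a release/arch pair (ids from the list above).
# Assumption: $1 is `uname -r`, $2 is `uname -p` (sparc or i386).
required_patch() {
    case "$1/$2" in
        5.4/sparc)   echo 102693-05 ;;
        5.4/i386)    echo 102694-05 ;;
        5.5.1/sparc) echo 103690-05 ;;
        5.5.1/i386)  echo 103691-05 ;;
        5.5/sparc)   echo 103723-05 ;;
        5.5/i386)    echo 103724-05 ;;
        5.6/sparc)   echo 105393-01 ;;
        5.6/i386)    echo 105394-01 ;;
        *)           return 1 ;;
    esac
}

# Succeeds if stdin (showrev -p output) shows patch $1 at that revision or
# later, or another patch that lists it under "Obsoletes:".
patch_ok() {
    $AWK -v need="$1" '
        BEGIN { split(need, n, "-") }
        function covers(id,   p) {
            gsub(/,/, "", id); split(id, p, "-")
            return p[1] == n[1] && p[2] + 0 >= n[2] + 0
        }
        $1 == "Patch:" {
            if (covers($2)) ok = 1
            for (i = 4; i <= NF && $i != "Requires:"; i++)
                if ($3 == "Obsoletes:" && covers($i)) ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

check_at_patch() {   # $1 release, $2 arch; showrev -p output on stdin
    need=$(required_patch "$1" "$2") || { echo "unknown: $1/$2 not in list"; return 2; }
    if patch_ok "$need"; then echo "ok: $need or later present"
    else echo "MISSING: $need"; return 1; fi
}

# Constructed sample listing (999xxx ids and the -02 revision are made up).
SAMPLE='Patch: 999001-03 Obsoletes: 999002-01, 999003-02 Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 105393-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu'
printf '%s\n' "$SAMPLE" | check_at_patch 5.6 sparc
# On a real host: showrev -p | check_at_patch "$(uname -r)" "$(uname -p)"
```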


