Re: NSFOCUS SA2001-04 : Solaris dtmail Buffer Overflow Vulnerability

[Virtualcat Blackcat <virtualcat () hotmail com>]

Couldn't reproduce on SUNOS 5.6
% uname -a
SunOS sundev1 5.6 Generic_105181-19 sun4u 
sparc SUNW,Ultra-1
% echo $SHELL
/usr/bin/ksh
% cp /usr/dt/bin/dtmail .
% export MAIL=`perl -e print "A"x2000'`
% ./dtmail 
<!-- Clicked on [Local] when Xwindow popped up -->
% 
dtmail didn't crash.

% export MAIL=`perl -e 'print "A"x20000'`
% ./dtmail
%
Didn't crash either.

% export HOME=`perl -e 'print "A"x360'`
% ./dtmail                             
Segmentation Fault(coredump)

Looks like there is something in $HOME, not in $MAIL 
as posted.

Regards,
Virtualcat

..oO(I am virtual)Oo.. 
virtualcat () xfocus org