Bugtraq mailing list archives
Re: $HOME buffer overflow in SunOS 5.8 x86
From: Nicolas Dubee <ndubee () df ru>
Date: Wed, 6 Jun 2001 05:12:55 +0400 (MSD)
On Mon, Jun 04, 2001 at 06:14:30PM +0300, Georgi Guninski wrote:
$HOME buffer overflow in SunOS 5.8 x86
...
Digital Unix V4.0C is vulnerable:

digital> uname -a
OSF1 digital V4.0 564.32 alpha
digital> setenv HOME `perl -e 'print "a"x1100'`
Received disconnect: Command terminated on signal 6.
[and I am logged out of the machine]
rather looks like a bug in the shell itself, or in some library function used in it. What shell are you using? As for the Sparc mail, at least 2.6 is also affected (most surely others as well, the program doesn't actually crash but loops in a signal handler): yoki# uname -a SunOS yoki 5.6 Generic_105181-06 sun4u sparc SUNW,Ultra-1 yoki# more truss.output ... getgid() = 1 [6] setgid(1) = 0 access("dead.letter", 0) Err#2 ENOENT access(".", 2) = 0 stat("dead.letter", 0xEFFFD1A8) Err#2 ENOENT brk(0x0003F120) = 0 brk(0x00041120) = 0 access("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", 0) Err#78 ENAMETOOLONG access("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", 2) Err#78 ENAMETOOLONG Incurred fault #5, FLTACCESS %pc = 0x00017EDC siginfo: SIGBUS BUS_ADRALN addr=0x41414209 Received signal #10, SIGBUS [caught] siginfo: SIGBUS BUS_ADRALN addr=0x41414209 sigaction(SIGBUS, 0xEFFFCC50, 0xEFFFCCD0) = 0 sigaction(SIGBUS, 0xEFFFCC50, 0xEFFFCCD0) = 0 write(2, " A A A A A A A A A A A A".., 9139) = 9139 write(2, " : E R R O R s i g n".., 15) = 15 write(2, " 1 0\n", 3) = 3 ... -nd
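
Added example, not part of the original post and not code from any of the affected programs: one way to build a path such as $HOME/dead.letter so that an oversized HOME is rejected as an ordinary error instead of overrunning a buffer. The function names and the fixed-buffer pattern in the first comment are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 1024
#endif

/* Assumed bug pattern (not taken from the Solaris or Digital Unix source):
 * a fixed stack buffer filled from $HOME with no length check.
 *     char path[256];
 *     strcpy(path, getenv("HOME"));   // an 1100-byte HOME overruns path
 *     strcat(path, "/dead.letter");
 */

/* Hardened form: build "<home>/<leaf>" into out, rejecting unusable input.
 * Returns 0 on success, -1 if home is missing, relative, or too long. */
int build_home_path(const char *home, const char *leaf, char *out, size_t outsz)
{
    int n;

    if (home == NULL || home[0] != '/' || leaf == NULL || outsz == 0)
        return -1;
    /* snprintf never writes past outsz; n is the length it wanted. */
    n = snprintf(out, outsz, "%s/%s", home, leaf);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';          /* never hand back a truncated path */
        return -1;
    }
    return 0;
}

/* Caller-side use: treat a bad $HOME as a normal error, not a crash. */
int dead_letter_path(char *out, size_t outsz)
{
    return build_home_path(getenv("HOME"), "dead.letter", out, outsz);
}

int main(void)
{
    char path[PATH_MAX];

    if (dead_letter_path(path, sizeof path) != 0) {
        fprintf(stderr, "HOME unset, relative, or too long; not saving\n");
        return 1;
    }
    printf("%s\n", path);
    return 0;
}
```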