Vulnerability Development mailing list archives

RE: Bug in bash ?


From: "Ryan Sweat" <ryans () cecentertainment com>
Date: Mon, 12 Nov 2001 10:14:35 -0600


This is also interesting.  It exists in at least Red Hat versions 5.2 - 7.2.

% export DISPLAY=`perl -e 'print "%s"x9000'` ; telnet 0
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
Segmentation fault (core dumped)

telnet client dies.  Note that this only occurs when making a connection to
a legitimate host with telnetd enabled.  In this example I have in.telnetd
running locally.

-ryan

-----Original Message-----
From: Steve Micallef [mailto:stevenm () ot com au]
Sent: Sunday, November 11, 2001 6:40 PM
To: Patryk Chmielewski
Cc: vuln-dev () securityfocus com
Subject: Re: Bug in bash ?


What version of bash are you running? And on what OS?

Regards,

Steve Micallef

On Sun, 11 Nov 2001, Patryk Chmielewski wrote:

When I was running some programs like vi or mpg123 with a parameter with many
"%s/*" I had strange results, e.g.
argv@jaskinia:~$ mpg123 `perl -e 'print "/*%s"x9000'`
[now I'm seeing the prompt to log in]

As you can see, after this command the shell (bash) is exiting.
It doesn't work under tcsh and csh:

tcsh:
mpg123 `perl -e 'print "/*%s"x9000'`
Word too long.


csh:
%mpg123 `perl -e 'print "/*%s"x9000'`
Word too long.
%

I haven't tried it under other shells.

--
-=[  Patryk Chmielewski   -> :: <-   argv () jaskinia eu org  ]=-
-=[   ******      http://argv.jaskinia.eu.org     ******   ]=-
-=[ "If you lie to the compiler, it will get its revenge." ]=-


