tcsh overflow

From: arkth (arkthat_private)
Date: Mon May 17 1999 - 00:53:19 PDT


    While a few days ago there was a discussion about a bash overflow on Bugtraq, I
    found another overflow in tcsh-6.07.09-1 [ rh 5.2 ].
    The problem is in a too long $HOME environment variable [ very old thing -
    zgv overflow ]. I don't know if it's a dangerous problem, but like someone
    said, this shell can be used in some kind of script with SUID, etc.
    
    example:
    $ HOME=AAAAAAAAAAAAAAA...AAA
    $ export HOME
    $ tcsh
    Segmentation fault (core dumped)
    $ gdb tcsh core
    GNU gdb 4.17.0.4 with Linux/x86 hardware watchpoint and FPU support
    Copyright 1998 Free Software Foundation, Inc.
    GDB is free software, covered by the GNU General Public License, and you are
    welcome to change it and/or distribute copies of it under certain conditions.
    Type "show copying" to see the conditions.
    There is absolutely no warranty for GDB.  Type "show warranty" for details.
    This GDB was configured as "i386-redhat-linux"...
    (no debugging symbols found)...
    Core was generated by `-csh'.
    Program terminated with signal 11, Segmentation fault.
    Reading symbols from /lib/libnsl.so.1...done.
    Reading symbols from /lib/libtermcap.so.2...done.
    Reading symbols from /lib/libcrypt.so.1...done.
    Reading symbols from /lib/libc.so.6...done.
    Reading symbols from /lib/ld-linux.so.2...done.
    Reading symbols from /lib/libnss_files.so.1...done.
    #0  0x410041 in ?? ()
    (gdb)
    
    hmmm... that's all =)
    Sorry if it's not a new thing, but I haven't seen anything like this
    before on Bugtraq...
    arkth [holix inc.]
    --
    mail: arkthat_private
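As an added illustration of the bug class the post describes, not code from the post and not tcsh's source: the page does not say which tcsh buffer overflows, so the buffer size HOME_BUF, the "/.tcshrc" suffix and the function names below are assumptions for the demonstration. The unsafe function copies $HOME into a fixed-size stack buffer with strcpy(), which is how a long environment variable ends up overwriting saved control data (0x41 is 'A', the byte the post's HOME value is built from); the hardened function checks the length first and refuses oversized input instead of copying or silently truncating it. The sample HOME values are constructed here.

```c
/* Added example: an unchecked copy of $HOME into a stack buffer (the bug
 * class in the post) beside a length-checked version.  Not tcsh code;
 * HOME_BUF, the rc-file suffix and the function names are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HOME_BUF 64   /* assumed buffer size; tcsh's real size is not on the page */

/* Vulnerable pattern: strcpy() trusts the length of an attacker-controlled
 * environment string.  A HOME longer than HOME_BUF-1 bytes overruns 'buf'
 * and writes over whatever follows it on the stack (saved frame pointer,
 * return address).  Only ever call this with short input. */
int resolve_home_unsafe(const char *home, char *out, size_t outlen) {
    char buf[HOME_BUF];
    strcpy(buf, home);                  /* no bounds check */
    strcat(buf, "/.tcshrc");            /* no bounds check either */
    snprintf(out, outlen, "%s", buf);
    return 0;
}

/* Hardened version: measure before copying and reject anything that would
 * not fit together with the suffix and the NUL terminator.  Rejecting is
 * preferable to truncating: a truncated path is a different file. */
int resolve_home_safe(const char *home, char *out, size_t outlen) {
    char buf[HOME_BUF];
    const char *suffix = "/.tcshrc";
    size_t hlen = strlen(home);
    size_t slen = strlen(suffix);

    if (hlen + slen + 1 > sizeof buf)
        return -1;                      /* too long: refuse, copy nothing */
    memcpy(buf, home, hlen);
    memcpy(buf + hlen, suffix, slen + 1);   /* includes the NUL */
    if (hlen + slen + 1 > outlen)
        return -1;                      /* caller's buffer too small */
    memcpy(out, buf, hlen + slen + 1);
    return 0;
}

/* Constructed sample: a normal-length HOME.  Both functions agree. */
int demo_short_home(void) {
    char a[128], b[128];
    const char *home = "/home/arkth";   /* constructed input */
    if (resolve_home_unsafe(home, a, sizeof a) != 0) return 0;
    if (resolve_home_safe(home, b, sizeof b) != 0) return 0;
    return strcmp(a, b) == 0 && strcmp(a, "/home/arkth/.tcshrc") == 0;
}

/* Constructed sample: 200 'A' bytes, like the post's HOME=AAAA...  The
 * unsafe function would overrun 'buf' here, so it is deliberately not
 * called; the safe one returns -1 without touching the buffer. */
int demo_long_home(void) {
    char home[201], out[128];
    memset(home, 'A', 200);             /* constructed input */
    home[200] = '\0';
    return resolve_home_safe(home, out, sizeof out);
}

int main(void) {
    const char *home = getenv("HOME");
    char out[256];
    if (home == NULL)
        home = "/";
    if (resolve_home_safe(home, out, sizeof out) == 0)
        printf("rc file: %s\n", out);
    else
        fprintf(stderr, "HOME too long (%zu bytes), refusing\n", strlen(home));
    return 0;
}
```

Run it with a long HOME as in the post (HOME=$(printf 'A%.0s' $(seq 200)) ./a.out) and the safe path reports the rejection instead of crashing; the unsafe function is left in only to show the pattern to look for in a SUID-reachable program, which is the concern the post raises.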
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:46:08 PDT