On Mon, Jun 04, 2001 at 06:14:30PM +0300, Georgi Guninski wrote:
> $HOME buffer overflow in SunOS 5.8 x86
> Systems affected:
> SunOS 5.8 x86 have not tested on other OSes
> Risk: Medium
> Date: 4 June 2001
>
> Details:
> HOME=`perl -e 'print "A"x1100'` ; export HOME
> mail a
> CTL-C
> eip gets smashed with 0x41414141.

0:jpmeier@sol:~> HOME=`perl -e 'print "A"x1100'` ; export HOME
0:jpmeier@sol:/home/jpmeier> mail a
^Cmail: Mail saved in dead.letter
1:jpmeier@sol:/home/jpmeier> uname -a
SunOS sol 5.8 Generic_108528-04 sun4u sparc SUNW,Ultra-5_10

also tried larger buffers.
Solaris/sparc appears not vulnerable. Maybe it's an x86 bug only

> Workaround:
> chmod -s /usr/bin/mail
> Vendor status:
> Sun was informed on 29 May 2001 about /usr/bin/mail and shall release patches.

juergen

-- 
Juergen P. Meier email: jpmat_private
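
Added example, not part of the original messages and not Sun's code: the report does not show where mail copies $HOME, so this assumes the value is joined into a file path such as the dead.letter seen in the session above. The helper name build_home_path and the 1024-byte buffer are hypothetical; the helper does a bounded join that rejects an over-long $HOME instead of overflowing or silently truncating.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATHBUF 1024   /* assumed fixed buffer size, not taken from the report */

/* Hypothetical helper: write "<home>/<name>" into out[outlen].
 * Returns 0 on success, -1 if home is unusable or the result does not fit. */
int build_home_path(const char *home, const char *name,
                    char *out, size_t outlen)
{
    int n;

    if (home == NULL || name == NULL || out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';

    /* An empty or relative $HOME is rejected rather than guessed at. */
    if (home[0] != '/')
        return -1;

    /* snprintf never writes past outlen; its return value is the length
     * the full string needs, so n >= outlen means it would be truncated. */
    n = snprintf(out, outlen, "%s/%s", home, name);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';          /* never hand back a partial path */
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[PATHBUF];
    const char *home = getenv("HOME");   /* attacker-controlled in a set-id program */

    if (build_home_path(home, "dead.letter", path, sizeof path) != 0) {
        fprintf(stderr, "mail: $HOME unset, relative or too long\n");
        return 1;
    }
    printf("would save to %s\n", path);
    return 0;
}
```

With the HOME value from the report (1100 characters) the helper returns -1 and the program exits with an error instead of writing past the buffer.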
This archive was generated by hypermail 2b30 : Tue Jun 05 2001 - 11:20:15 PDT