Re: $HOME buffer overflow in SunOS 5.8 x86

From: Patrick Finch (patat_private)
Date: Tue Jun 05 2001 - 18:44:42 PDT

    Solaris 8/Sparc actually appears to be vulnerable.
    SunOS lager 5.8 Generic_108528-01 sun4u sparc SUNW,Ultra-1 with the same
    signature as 5.7 below
    
    Irix 6.5 doesn't appear to be....
    bash-2.04$ HOME=`perl -e 'print "A"x1100'`
    bash-2.04$ export HOME
    bash-2.04$ mail a    [CTL-C]
    a... User unknown
    bash-2.04$ uname -a
    IRIX64 vermeer 6.5 10181058 IP19
    bash-2.04$ mail pfinch   [CTL-C]
    bash-2.04$
    
    Gunnar Wolf wrote:
    
    > > Solaris/sparc appears not vulnerable. Maybe it's an x86 bug only
    >
    > Solaris 7/Sparc is vulnerable:
    >
    > [gwolf@sun gwolf]$ uname -a
    > SunOS sun.mydomain.org 5.7 Generic_106541-16 sun4u sparc SUNW,Ultra-5_10
    > [gwolf@sun gwolf]$ HOME=`perl -e 'print "A"x1100'` ; export HOME
    > [gwolf@sun gwolf]$ mail a
    > ^Cmail: ERROR signal 10
    > mail: ERROR signal 10
    > mail: ERROR signal 10
    > mail: ERROR signal 10
    > mail: ERROR signal 10
    > (...)
    >
    > ------------------------------------------------------------
    > Gunnar Wolf - gwolfat_private - (+52)5623-1119
    > Desarrollo y Admon. de Sistemas en Red - FES Iztacala - UNAM
    > Departamento de Seguridad en Computo   -   DGSCA    -   UNAM
    > ------------------------------------------------------------
    > Quidquid latine dictum sit, altum viditur.
    
    --
    /**
     *  Patrick Finch
     *  Systems Administrator
     *  Monterey Network Center
     *  patat_private
     *  831-657-1510                ..- -... . .-. ..-. --- ---
    **/
    



    This archive was generated by hypermail 2b30 : Tue Jun 05 2001 - 22:48:08 PDT