csh/tcsh vulnerability

• Previous message: Magnus Bodin: "Re: OpenSSH advisory"
• Next in thread: Valdis.Kletnieksat_private: "Re: csh/tcsh vulnerability"
• Reply: Valdis.Kletnieksat_private: "Re: csh/tcsh vulnerability"
• Reply: Idan l.: "Re: csh/tcsh vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

OS : Solaris 8
 
[sf280r]#/home/dragory> bash
[dragory@sf280r dragory]$ export HOME=`perl -e 'print "x"x5000'`
[dragory@sf280r dragory]$ su
Password:(input correct password)
Segmentation Fault (core dumped)
[dragory@sf280r dragory]$ ls -l core
-rw-------   1 root       580464 Jun 27 12:29 core
[sf280r]#/home/dragory> gdb -q tcsh core
(no debugging symbols found)...Core was generated by `tcsh'.
Program terminated with signal 11, Segmentation Fault.
#0  0x29be4 in doglob ()
 
Is this vulnerable?



_________________________________________________________________
MSN Explorer°¡ ÀÖÀ¸¸é Hotmail »ç¿ëÀÌ ÈξÀ Æí¸®ÇØ Áý´Ï´Ù. Áö±Ý 
http://explorer.msn.co.kr/ ¿¡¼­ ¹«·á·Î ´Ù¿î·ÎµåÇϼ¼¿ä.

• Next message: ash: "Re: Java and buffer overflows"
• Previous message: Magnus Bodin: "Re: OpenSSH advisory"
• Next in thread: Valdis.Kletnieksat_private: "Re: csh/tcsh vulnerability"
• Reply: Valdis.Kletnieksat_private: "Re: csh/tcsh vulnerability"
• Reply: Idan l.: "Re: csh/tcsh vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jun 26 2002 - 21:59:09 PDT