Re: csh/tcsh vulnerability

From: Idan l. (shadow@x-war.net)
Date: Thu Jun 27 2002 - 05:26:15 PDT

  • Next message: Elan Hasson: "RE: DoS_Browser"

    On Thursday 27 June 2002 03:41, you wrote:
    > OS : Solaris 8
    >
    > [sf280r]#/home/dragory> bash
    > [dragory@sf280r dragory]$ export HOME=`perl -e 'print "x"x5000'`
    > [dragory@sf280r dragory]$ su
    > Password:(input correct password)
    > Segmentation Fault (core dumped)
    > [dragory@sf280r dragory]$ ls -l core
    > -rw-------   1 root       580464 Jun 27 12:29 core
    > [sf280r]#/home/dragory> gdb -q tcsh core
    > (no debugging symbols found)...Core was generated by `tcsh'.
    > Program terminated with signal 11, Segmentation Fault.
    > #0  0x29be4 in doglob ()
    >
    > Is this vulnerable?
    >
    >
    >
    > _________________________________________________________________
    > MSN Explorer°¡ ÀÖÀ¸¸é Hotmail »ç¿ëÀÌ ÈξÀ Æí¸®ÇØ Áý´Ï´Ù. Áö±Ý
    > http://explorer.msn.co.kr/ ¿¡¼­ ¹«·á·Î ´Ù¿î·ÎµåÇϼ¼¿ä.
    
    
    Well depend if you su to another user for example user narf 
    And you can overflow it , It is a vulnerability.
    



    This archive was generated by hypermail 2b30 : Thu Jun 27 2002 - 11:30:29 PDT