On Thursday 27 June 2002 03:41, you wrote: > OS : Solaris 8 > > [sf280r]#/home/dragory> bash > [dragory@sf280r dragory]$ export HOME=`perl -e 'print "x"x5000'` > [dragory@sf280r dragory]$ su > Password:(input correct password) > Segmentation Fault (core dumped) > [dragory@sf280r dragory]$ ls -l core > -rw------- 1 root 580464 Jun 27 12:29 core > [sf280r]#/home/dragory> gdb -q tcsh core > (no debugging symbols found)...Core was generated by `tcsh'. > Program terminated with signal 11, Segmentation Fault. > #0 0x29be4 in doglob () > > Is this vulnerable? > > > > _________________________________________________________________ > MSN Explorer°¡ ÀÖÀ¸¸é Hotmail »ç¿ëÀÌ ÈξÀ Æí¸®ÇØ Áý´Ï´Ù. Áö±Ý > http://explorer.msn.co.kr/ ¿¡¼ ¹«·á·Î ´Ù¿î·ÎµåÇϼ¼¿ä. Well depend if you su to another user for example user narf And you can overflow it , It is a vulnerability.
This archive was generated by hypermail 2b30 : Thu Jun 27 2002 - 11:30:29 PDT