Dear Roland Postle, It looks to be the only correct post in this thread :) Yes, it's definitely bug in glibc, not in bash itself (same versions of bash on libc systems like FreeBSD are not affected). Recurse call stack overflow is believed not to be exploitable to code execution, but since this bug is in library it may be treated as security one as it may be exploited remotely (at least as a DoS) in a case glob_filename is used in some network service. --Thursday, February 13, 2003, 8:34:36 PM, you wrote to vuln-devat_private: >>During some work, I noticed GNU bash could be crashed by sending a >>malformed perl request to the terminal. >> >> example: `perl -e 'print "*/*" x 3500'` >> <bash crashes> RP> It's a stack overflow, due to glob_filename (in glob.c) recursively RP> calling itself while parsing the filename. So probably not exploitable. RP> - Blazde -- ~/ZARAZA Бросьте стараться - ничего из этого не выйдет. (Твен)
This archive was generated by hypermail 2b30 : Sat Feb 15 2003 - 08:17:13 PST