[5743] in bugtraq
Re: Possible Solaris 2.6 hole at(1M)
daemon@ATHENA.MIT.EDU (Casper Dik)
Fri Dec 5 08:31:27 1997
Date: Thu, 4 Dec 1997 21:52:19 +0100
Reply-To: Casper Dik <casper@HOLLAND.SUN.COM>
From: Casper Dik <casper@HOLLAND.SUN.COM>
X-To: sp00n <sp00n@COUPLER.300BAUD.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Tue, 02 Dec 1997 10:59:28 EST."
<Pine.BSF.3.96.971202104119.17093A-100000@coupler.300baud.com>
>hi,
>
>In Solaris 2.6, at(1M) SIGBUS's when it is run from a directory more than
>512 bytes long. I coudlnt tell you if this is exploitable, but it
>looks promising. It's just the at program itself it seems, even though
>it's dynamicly linked, Dosent seem like a problem with the librarys.
You haven't been reading up on Solaris patch reports by chance?
Patch-ID# 105393-01
Keywords: security at 512 bus error
Synopsis: SunOS 5.6: /usr/bin/at patch
Date: Oct/14/97
Solaris Release: 2.6
SunOS Release: 5.6
...
Files included with this patch:
/usr/bin/at
Problem Description:
4063161 *at* from 512 byte long directory gives bus error.
All at patches are (dating from august - oct)
102693-05: SunOS 5.4: at/atrm/atq/cron/crontab patch
102694-05: SunOS 5.4_x86: /usr/bin/at patch
103690-05: SunOS 5.5.1: cron/crontab/at/atq/atrm patch
103691-05: SunOS 5.5.1_x86: cron/crontab/at/atq/atrm patch
103723-05: SunOS 5.5: /usr/bin/at patch
103724-05: SunOS 5.5_x86: /usr/bin/at patch
105393-01: SunOS 5.6: /usr/bin/at patch
105394-01: SunOS 5.6_x86: /usr/bin/at patch
