[7949] in bugtraq
Re: tcsh buffer overflow
daemon@ATHENA.MIT.EDU (Christos Zoulas)
Tue Sep 15 13:51:07 1998
Date: Tue, 15 Sep 1998 13:23:32 -0400
Reply-To: Christos Zoulas <christos@ZOULAS.COM>
From: Christos Zoulas <christos@ZOULAS.COM>
X-To: Wichert Akkerman <wichert@WIGGY.ML.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19980915030224.A421@wiggy.ml.org> from Wichert Akkerman (Sep 15,
3:02am)
On Sep 15, 3:02am, wichert@WIGGY.ML.ORG (Wichert Akkerman) wrote:
-- Subject: tcsh buffer overflow
| --yrj/dFKFPuw6o+aM
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: quoted-printable
|
|
| After the whole mess with bash recently I decided to take a short look
| at tcsh and found it has the same problems. Although tcsh-scripts
| are very uncommon, it's still exploitable. Below is a patch which
| should fix the problems.
|
But not all systems have getcwd()... This will have to be fixed in the
next version.
christos
