From: Juergen P. Meier (jpm class.de)
Date: Tue Jun 05 2001 - 08:33:05 CDT
On Mon, Jun 04, 2001 at 06:14:30PM +0300, Georgi Guninski wrote:
> $HOME buffer overflow in SunOS 5.8 x86
> Systems affected:
> SunOS 5.8 x86 have not tested on other OSes
> Risk: Medium
> Date: 4 June 2001
>
> Details:
> HOME=`perl -e 'print "A"x1100'` ; export HOME
> mail a
> CTL-C
> eip gets smashed with 0x41414141.
0:jpmeier
sol:~> HOME=`perl -e 'print "A"x1100'` ; export HOME
0:jpmeier
sol:/home/jpmeier> mail a
^Cmail: Mail saved in dead.letter
1:jpmeier
sol:/home/jpmeier> uname -a
SunOS sol 5.8 Generic_108528-04 sun4u sparc SUNW,Ultra-5_10
Also tried larger buffers.
Solaris/sparc appears not vulnerable. Maybe it's an x86 bug only.
> Workaround:
> chmod -s /usr/bin/mail
> Vendor status:
> Sun was informed on 29 May 2001 about /usr/bin/mail and shall release patches.
juergen
-- Juergen P. Meier email: jpmclass.de
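
An added illustration, not part of the original posts and not Sun's mail source: the report does not say where in mail the 1100-byte $HOME is copied, so this C example assumes a hypothetical fixed 1024-byte path buffer and a hypothetical helper dead_letter_path() that builds the dead.letter path. It shows the bounded form that rejects an over-long HOME instead of writing past the buffer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 1024   /* assumed buffer size, not taken from mail's source */

/* The unsafe pattern this replaces would be:
 *     char path[PATH_BUF];
 *     sprintf(path, "%s/dead.letter", getenv("HOME"));
 * which writes past path[] when HOME is about 1100 bytes, as in the report. */

/* Build "<home>/dead.letter" into out. Returns 0 on success, -1 if home is
 * missing, not absolute, or would not fit; out is left empty on failure. */
int dead_letter_path(const char *home, char *out, size_t outlen)
{
    int n;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (home == NULL || home[0] != '/')
        return -1;
    n = snprintf(out, outlen, "%s/dead.letter", home);
    if (n < 0 || (size_t)n >= outlen) {   /* truncated: refuse to use it */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[PATH_BUF];
    const char *home = getenv("HOME");   /* caller-controlled in a set-id program */

    if (dead_letter_path(home, path, sizeof path) != 0) {
        fprintf(stderr, "mail: HOME unset or too long, not saving dead.letter\n");
        return 1;
    }
    printf("would save to %s\n", path);
    return 0;
}
```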