Bugtraq mailing list archives
Re: Possible Solaris 2.6 hole at(1M)
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Thu, 4 Dec 1997 21:52:19 +0100
hi, In Solaris 2.6, at(1M) SIGBUS's when it is run from a directory more than 512 bytes long. I coudlnt tell you if this is exploitable, but it looks promising. It's just the at program itself it seems, even though it's dynamicly linked, Dosent seem like a problem with the librarys.
You haven't been reading up on Solaris patch reports by chance? Patch-ID# 105393-01 Keywords: security at 512 bus error Synopsis: SunOS 5.6: /usr/bin/at patch Date: Oct/14/97 Solaris Release: 2.6 SunOS Release: 5.6 ... Files included with this patch: /usr/bin/at Problem Description: 4063161 *at* from 512 byte long directory gives bus error. All at patches are (dating from august - oct) 102693-05: SunOS 5.4: at/atrm/atq/cron/crontab patch 102694-05: SunOS 5.4_x86: /usr/bin/at patch 103690-05: SunOS 5.5.1: cron/crontab/at/atq/atrm patch 103691-05: SunOS 5.5.1_x86: cron/crontab/at/atq/atrm patch 103723-05: SunOS 5.5: /usr/bin/at patch 103724-05: SunOS 5.5_x86: /usr/bin/at patch 105393-01: SunOS 5.6: /usr/bin/at patch 105394-01: SunOS 5.6_x86: /usr/bin/at patch
Current thread:
- Linux inetd.. moOd (Nov 30)
- Re: Linux inetd.. Aleph One (Dec 01)
- an detailed explaination why land attack works? Feiyi Wang (Nov 29)
- Possible Solaris 2.6 hole at(1M) sp00n (Dec 02)
- Re: Possible Solaris 2.6 hole at(1M) Casper Dik (Dec 04)
- Re: an detailed explaination why land attack works? Bill Paul (Dec 03)
- Fw: Insufficient allocations in net/unix/garbage.c (fwd) Phillip R. Jaenke (Dec 03)
- Re: Fw: Insufficient allocations in net/unix/garbage.c (fwd) Alan Cox (Dec 04)
- an detailed explaination why land attack works? Feiyi Wang (Nov 29)
- Sun Security Bulletin #00159 (fwd) Howie (Dec 03)
- Sun Security Bulletin #00160 (fwd) Howie (Dec 03)
- Q165005: Windows NT Slows Down Due to Land Attack Aleph One (Dec 04)
- Q177539: Windows 95 Stops Responding Because of Land Attack Aleph One (Dec 04)
- Re: Linux inetd.. Aleph One (Dec 01)
- More telnet Daemon Fun Aaron Campbell (Dec 01)
- Re: More telnet Daemon Fun Elliot Lee (Dec 02)
- tcsh/Solaris (Re: More telnet Daemon Fun) Peter Radcliffe (Dec 03)