[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Crashing the shell 2.05a & b
From: |
Steve G |
Subject: |
Crashing the shell 2.05a & b |
Date: |
Sat, 15 Feb 2003 08:38:54 -0800 (PST) |
Configuration Information [Automatically generated, do not
change]:
Machine: i686
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash'
-DCONF_HOSTTYPE='i686' -DCONF_OSTYPE='linux-gnu'
-DCONF_MACHTYPE='i686-pc-linux-gnu' -DCONF_VENDOR='pc'
-DSHELL -DHAVE_CONFIG_H -D_GNU_SOURCE -I. -I.
-I./include -I./lib -O2 -march=i386 -mcpu=i686
uname output: Linux beast 2.4.18-24.7.x #1 Fri Jan 31
07:46:03 EST 2003 i686 unknown
Machine Type: i686-pc-linux-gnu
Bash Version: 2.05a
Patch Level: 0
Release Status: release
Description:
`perl -e 'print "*/*" x 2400'` will crash both the 2.05a
& b shell. This was reported on the vuln-dev mailing list.
I just wanted to make sure you know that both versions are
vulnerable. The results of the crash is that you are logged
out.
Repeat-By:
Fix:
I think some buffer checking for the grave operator is in order.
__________________________________________________
Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day
http://shopping.yahoo.com
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Crashing the shell 2.05a & b,
Steve G <=