Crashing the shell 2.05a & b

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Crashing the shell 2.05a & b

From:	Steve G
Subject:	Crashing the shell 2.05a & b
Date:	Sat, 15 Feb 2003 08:38:54 -0800 (PST)

Configuration Information [Automatically generated, do not
change]:
Machine: i686
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS:  -DPROGRAM='bash'
-DCONF_HOSTTYPE='i686' -DCONF_OSTYPE='linux-gnu'
-DCONF_MACHTYPE='i686-pc-linux-gnu' -DCONF_VENDOR='pc'
-DSHELL -DHAVE_CONFIG_H  -D_GNU_SOURCE  -I.  -I.
-I./include -I./lib -O2 -march=i386 -mcpu=i686
uname output: Linux beast 2.4.18-24.7.x #1 Fri Jan 31
07:46:03 EST 2003 i686 unknown
Machine Type: i686-pc-linux-gnu

Bash Version: 2.05a
Patch Level: 0
Release Status: release

Description:
        `perl -e 'print "*/*" x 2400'`  will crash both the 2.05a
& b shell. This was reported on the vuln-dev mailing list.
I just wanted to make sure you know that both versions are
vulnerable. The results of the crash is that you are logged
out. 

Repeat-By:
        

Fix:
        I think some buffer checking for the grave operator is in order.

__________________________________________________
Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day
http://shopping.yahoo.com

[Prev in Thread]

Current Thread

[Next in Thread]

Crashing the shell 2.05a & b, Steve G <=

Prev by Date: Your mail to address@hidden
Next by Date: massive bug with LC_CTYPE vs. less than one line responses
Previous by thread: Your mail to address@hidden
Next by thread: massive bug with LC_CTYPE vs. less than one line responses
Index(es):
- Date
- Thread