Re: Possible Solaris 2.6 hole at(1M)

Casper Dik (casper@HOLLAND.SUN.COM)
Thu, 04 Dec 1997 21:52:19 +0100

>hi,
>
>In Solaris 2.6, at(1M) SIGBUS's when it is run from a directory more than
>512 bytes long. I couldn't tell you if this is exploitable, but it
>looks promising. It's just the at program itself it seems, even though
>it's dynamically linked, doesn't seem like a problem with the libraries.

You haven't been reading up on Solaris patch reports by chance?

Patch-ID# 105393-01
Keywords: security at 512 bus error
Synopsis: SunOS 5.6: /usr/bin/at patch
Date: Oct/14/97

Solaris Release: 2.6

SunOS Release: 5.6

...

Files included with this patch:

/usr/bin/at

Problem Description:

4063161 *at* from 512 byte long directory gives bus error.

All at patches are (dating from August - Oct):

102693-05: SunOS 5.4: at/atrm/atq/cron/crontab patch
102694-05: SunOS 5.4_x86: /usr/bin/at patch
103690-05: SunOS 5.5.1: cron/crontab/at/atq/atrm patch
103691-05: SunOS 5.5.1_x86: cron/crontab/at/atq/atrm patch
103723-05: SunOS 5.5: /usr/bin/at patch
103724-05: SunOS 5.5_x86: /usr/bin/at patch
105393-01: SunOS 5.6: /usr/bin/at patch
105394-01: SunOS 5.6_x86: /usr/bin/at patch