Topic: Buffer overflow in BASH
Advisory issue date: 7 November 1998
I. Problem Description
A buffer overflow can be triggered in bash and could potentially be
exploited.
II. Impact
Description:
If you cd into a directory which has a path name longer than 1024
bytes and you have '\w' included in your PS1 environment variable
(which makes the path to the current working directory appear in each
command line prompt), a buffer overflow will occur.
Vulnerable Systems:
OpenLinux 1.0, 1.1, 1.2, 1.3 systems using bash packages prior to
bash-1.14.7-6.
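An added example, not part of Caldera's advisory: a POSIX shell check for the two conditions the description names, a prompt string containing \w and a directory whose path exceeds 1024 bytes. The function names and the choice to measure the resolved absolute path are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are this example's own.
LIMIT=1024   # path length in bytes, as stated in the advisory

# Succeed if the PS1 string in $1 contains the \w escape. An escaped
# backslash followed by w (\\w) is a literal and does not count.
ps1_shows_cwd() {
    printf '%s' "$1" | LC_ALL=C awk '
        { s = s $0 "\n" }
        END {
            n = length(s)
            for (i = 1; i < n; i++)
                if (substr(s, i, 1) == "\\") {
                    if (substr(s, i + 1, 1) == "w") exit 0
                    i++            # skip the escaped character
                }
            exit 1
        }'
}

# Print each directory under root $1 whose absolute path is longer than
# LIMIT bytes. LC_ALL=C makes awk count bytes rather than characters.
# Path names containing newlines are not handled.
long_dirs() {
    root=$(cd "$1" && pwd -P) || return 2
    find "$root" -xdev -type d -print 2>/dev/null |
        LC_ALL=C awk -v limit="$LIMIT" 'length($0) > limit'
}

# Return 1 when both conditions hold (prompt shows the working directory
# and an over-long directory exists under the root), otherwise 0.
check_exposure() {
    if ! ps1_shows_cwd "$1"; then return 0; fi
    if [ -z "$(long_dirs "$2" | head -n 1)" ]; then return 0; fi
    return 1
}

# Stand-alone use: sh check.sh "$PS1" /home
if [ "$#" -eq 2 ]; then
    if check_exposure "$1" "$2"; then
        printf '%s\n' 'both conditions not met under this root'
    else
        printf '%s\n' 'PS1 contains \w and these paths exceed the limit:'
        long_dirs "$2"
    fi
fi
```

A clean result only covers the directory tree that was scanned; the package upgrade in section III is still the fix.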
III. Solution
Correction:
The proper solution is to upgrade to the bash-1.14.7-6 package.
The packages can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/current/RPMS
The corresponding source code can be found at:
ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/current/SRPMS
The MD5 checksums (from the "md5sum" command) for these
packages are:
b95022619dce0c4680d62a17b1da586a RPMS/bash-1.14.7-6.i386.rpm
0c902d1cd5c4377c6777f6bb345f4090 SRPMS/bash-1.14.7-6.src.rpm
Upgrade with the following command:
rpm -U bash-1.14.7-6.i386.rpm
IV. References
This and other Caldera security resources are located at:
http://www.caldera.com/news/security/index.html
Additional documentation on this problem can be found in:
http://www.geek-girl.com/bugtraq/1998_3/0761.html
This security fix closes Caldera's internal Problem Report 4161.
Caldera Security Advisory SA-1998.33: Buffer overflow in BASH