Caldera Security Advisory SA-1998.33: Buffer overflow in BASH

Topic: Buffer overflow in BASH
Advisory issue date: 7 November 1998


I. Problem Description

  A buffer overflow can be caused in bash which could potentially be
  exploited.

II. Impact

Description:

  If you cd in to a directory which has a path name larger than 1024
  bytes and you have 'w' included in your PS1 environment variable
  (which makes the path to the current working directory appear in each
  command line prompt), a buffer overflow will occur.

Vulnerable Systems:

  OpenLinux 1.0, 1.1, 1.2, 1.3 systems using bash packages prior to
  bash-1.14.7-6.


III. Solution


Correction:

        The proper solution is to upgrade to the bash-1.14.7-6 package.

        They can be found on Caldera's FTP site at:
  ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/current/RPMS

        The corresponding source code can be found at:
  ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/current/SRPMS

  The MD5 checksums (from the "md5sum" command) for these
  packages are:

  b95022619dce0c4680d62a17b1da586a  RPMS/bash-1.14.7-6.i386.rpm
  0c902d1cd5c4377c6777f6bb345f4090  SRPMS/bash-1.14.7-6.src.rpm

        Upgrade with the following commands:

  rpm -U bash-1.14.7-6.i386.rpm


IV. References

        This and other Caldera security resources are located at:
  http://www.caldera.com/news/security/index.html

        Additional documentation on this problem can be found in:
  http://www.geek-girl.com/bugtraq/1998_3/0761.html

        This security fix closes Caldera's internal Problem Report 4161.