Caldera Security Advisory SA-1998.33: Buffer overflow in BASH

Topic: Buffer overflow in BASH
Advisory issue date: 7 November 1998

I. Problem Description

  A buffer overflow can be caused in bash which could potentially be

II. Impact


  If you cd into a directory which has a path name larger than 1024
  bytes and you have '\w' included in your PS1 environment variable
  (which makes the path to the current working directory appear in each
  command line prompt), a buffer overflow will occur.
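
  An added illustration, not part of Caldera's advisory and not bash's
  source code: a bounded expansion of the \w prompt escape (current
  working directory) into a fixed buffer, showing the length check whose
  absence produces the overflow described above. The 1024-byte buffer
  size is assumed from the advisory's figure; expand_prompt,
  append_bounded and PROMPT_MAX are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PROMPT_MAX 1024 /* assumed buffer size, from the advisory's 1024-byte figure */

/* Append up to n bytes of src; returns 0 if all fit, -1 if src was cut short. */
static int append_bounded(char *out, size_t outsz, size_t *len,
                          const char *src, size_t n)
{
    size_t room = outsz - 1 - *len;      /* bytes left, keeping one for the NUL */
    size_t take = n < room ? n : room;
    memcpy(out + *len, src, take);
    *len += take;
    out[*len] = '\0';
    return take == n ? 0 : -1;
}

/* Expand a PS1-style template into out[outsz]. Only the \w escape is
 * modelled (hypothetical simplification); other bytes are copied as-is.
 * Returns 0 if the whole prompt fit, -1 if it had to be truncated. */
int expand_prompt(char *out, size_t outsz, const char *ps1, const char *cwd)
{
    size_t len = 0;
    int rc = 0;
    if (outsz == 0) return -1;
    out[0] = '\0';
    for (const char *p = ps1; *p && rc == 0; p++) {
        if (p[0] == '\\' && p[1] == 'w') {
            rc = append_bounded(out, outsz, &len, cwd, strlen(cwd));
            p++;                         /* skip the 'w' of the escape */
        } else {
            rc = append_bounded(out, outsz, &len, p, 1);
        }
    }
    return rc;
}

/* The unchecked pattern this replaces, shown for contrast and never called:
 *     char buf[PROMPT_MAX]; strcpy(buf, cwd);
 * which writes past buf once strlen(cwd) >= PROMPT_MAX. */
int main(void)
{
    char out[PROMPT_MAX];
    int rc = expand_prompt(out, sizeof out, "\\w$ ", "/tmp/example"); /* constructed input */
    printf("%d %s\n", rc, out);
    return 0;
}
```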

Vulnerable Systems:

  OpenLinux 1.0, 1.1, 1.2, 1.3 systems using bash packages prior to

III. Solution


        The proper solution is to upgrade to the bash-1.14.7-6 package.

        They can be found on Caldera's FTP site at:

        The corresponding source code can be found at:

  The MD5 checksums (from the "md5sum" command) for these
  packages are:

  b95022619dce0c4680d62a17b1da586a  RPMS/bash-1.14.7-6.i386.rpm
  0c902d1cd5c4377c6777f6bb345f4090  SRPMS/bash-1.14.7-6.src.rpm

        Upgrade with the following commands:

  rpm -U bash-1.14.7-6.i386.rpm

IV. References

        This and other Caldera security resources are located at:

        Additional documentation on this problem can be found in:

        This security fix closes Caldera's internal Problem Report 4161.
