Topic: Buffer overflow in tcsh
Advisory issue date: 7 November 1998
I. Problem Description
A buffer overflow can be caused in tcsh which could potentially be
exploited.
II. Impact
Description:
This is the problem description for bash-1.14.7, but it is also valid
for tcsh-6.07.02.
If you cd in to a directory which has a path name larger than 1024
bytes and you have 'w' included in your PS1 environment variable
(which makes the path to the current working directory appear in each
command line prompt), a buffer overflow will occur.
Vulnerable Systems:
OpenLinux 1.0, 1.1, 1.2, 1.3 systems using bash packages prior to
tcsh-6.07.02-2.
III. Solution
Correction:
The proper solution is to upgrade to the tcsh-6.08.00-1 package.
They can be found on Caldera's FTP site at:
ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/current/RPMS
The corresponding source code can be found at:
ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/current/SRPMS
The MD5 checksums (from the "md5sum" command) for these
packages are:
5a2cc4cc4cc766de89866c2ac4f12d1b RPMS/tcsh-6.08.00-1.i386.rpm
8eaf0da446db368c6993b0c39feaddf3 RPMS/tcsh-doc-html-6.08.00-1.i386.rpm
2d25bb4d31d3a136665885152ff1624f SRPMS/tcsh-6.08.00-1.src.rpm
Upgrade with the following commands:
rpm -q tcsh & rpm -U tcsh-6.08.00-1.i386.rpm
rpm -q tcsh-doc-html & rpm -U tcsh-doc-html-6.08.00-1.i386.rpm
IV. References
This and other Caldera security resources are located at:
http://www.caldera.com/news/security/index.html
Additional documentation on a similar problem with bash can be
found in:
http://www.geek-girl.com/bugtraq/1998_3/0761.html
This security fix closes Caldera's internal Problem Report 4161.
Caldera Security Advisory SA-1998.34: Buffer overflow in tcsh
By
Get the Free Newsletter!
Subscribe to Developer Insider for top news, trends, & analysis