Re: Bash Blues.

From: Roland Postle (mail@blazde.co.uk)
Date: 02/13/03

Next message: TerraTrans Security: "Re: Bash Blues."

Previous message: Andrew Walkingshaw: "Re: Bash Blues."
In reply to: uk2sec@oakey.no-ip.com: "Bash Blues."
Next in thread: 3APA3A: "glibc glob_filename() recurse call stack overflow (Re[2]: Bash Blues)"
Reply: 3APA3A: "glibc glob_filename() recurse call stack overflow (Re[2]: Bash Blues)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Roland Postle" <mail@blazde.co.uk>
To: "vuln-dev@securityfocus.com" <vuln-dev@securityfocus.com>, "uk2sec@oakey.no-ip.com" <uk2sec@oakey.no-ip.com>
Date: Thu, 13 Feb 2003 17:34:36 +0000

>During some work, I noticed GNU bash could be crashed by sending a
>malformed perl request to the terminal.
>
> example: `perl -e 'print "*/*" x 3500'`
> <bash crashes>

It's a stack overflow, due to glob_filename (in glob.c) recursively
calling itself while parsing the filename. So probably not exploitable.

- Blazde

Next message: TerraTrans Security: "Re: Bash Blues."
Previous message: Andrew Walkingshaw: "Re: Bash Blues."
In reply to: uk2sec@oakey.no-ip.com: "Bash Blues."
Next in thread: 3APA3A: "glibc glob_filename() recurse call stack overflow (Re[2]: Bash Blues)"
Reply: 3APA3A: "glibc glob_filename() recurse call stack overflow (Re[2]: Bash Blues)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]