From support@caldera.com Wed Nov 11 01:44:47 1998
From: Caldera Support
To: Caldera Announce
Date: 11 Nov 1998 00:13:11 -0000
Reply-To: info@caldera.com
Subject: Caldera Security Advisory SA-1998.34: Buffer overflow in tcsh

Topic: Buffer overflow in tcsh
Advisory issue date: 7 November 1998

I. Problem Description

   tcsh contains a buffer overflow which could potentially be exploited.

II. Impact

   Description: This is the problem description for bash-1.14.7, but it
   is also valid for tcsh-6.07.02. If you cd into a directory which has
   a path name longer than 1024 bytes and you have '\w' included in your
   PS1 environment variable (which makes the path to the current working
   directory appear in each command line prompt), a buffer overflow will
   occur.

   Vulnerable Systems: OpenLinux 1.0, 1.1, 1.2, 1.3 systems using bash
   packages prior to tcsh-6.07.02-2.

III. Solution

   Correction: The proper solution is to upgrade to the tcsh-6.08.00-1
   package. The packages can be found on Caldera's FTP site at:

      ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/current/RPMS

   The corresponding source code can be found at:

      ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/current/SRPMS

   The MD5 checksums (from the "md5sum" command) for these packages are:

      5a2cc4cc4cc766de89866c2ac4f12d1b  RPMS/tcsh-6.08.00-1.i386.rpm
      8eaf0da446db368c6993b0c39feaddf3  RPMS/tcsh-doc-html-6.08.00-1.i386.rpm
      2d25bb4d31d3a136665885152ff1624f  SRPMS/tcsh-6.08.00-1.src.rpm

   Upgrade with the following commands:

      rpm -q tcsh && rpm -U tcsh-6.08.00-1.i386.rpm
      rpm -q tcsh-doc-html && rpm -U tcsh-doc-html-6.08.00-1.i386.rpm

IV. References

   This and other Caldera security resources are located at:

      http://www.caldera.com/news/security/index.html

   Additional documentation on a similar problem with bash can be found
   in:

      http://www.geek-girl.com/bugtraq/1998_3/0761.html

   This security fix closes Caldera's internal Problem Report 4161.
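
The class of bug described under "II. Impact", as an added example that is not part of the original advisory and is not tcsh or bash source: a prompt expander that substitutes the working directory for '\w' into a 1024-byte buffer, first without a bound and then with one. The function names and the truncate-and-report behaviour of the bounded version are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define PROMPT_MAX 1024  /* fixed prompt buffer; the 1024-byte limit from the advisory */

/* Unsafe pattern (illustrative): the working directory is copied into a
 * fixed buffer with no length check, so a longer path writes past its end. */
void expand_prompt_unsafe(const char *fmt, const char *cwd, char out[PROMPT_MAX])
{
    char *p = out;
    for (; *fmt; fmt++) {
        if (fmt[0] == '\\' && fmt[1] == 'w') {
            strcpy(p, cwd);          /* no bound on the copy */
            p += strlen(cwd);
            fmt++;                   /* skip the 'w' */
        } else {
            *p++ = *fmt;             /* literal bytes are unbounded too */
        }
    }
    *p = '\0';
}

/* Bounded version: every write is checked against the space left.
 * Returns 0 on success, -1 if the expanded prompt does not fit; in that
 * case out holds a truncated, NUL-terminated prompt. */
int expand_prompt_safe(const char *fmt, const char *cwd, char *out, size_t outsz)
{
    size_t used = 0;
    if (outsz == 0) return -1;
    for (; *fmt; fmt++) {
        const char *src = fmt;       /* default: one literal byte */
        size_t n = 1;
        if (fmt[0] == '\\' && fmt[1] == 'w') {
            src = cwd;               /* '\w' expands to the working directory */
            n = strlen(cwd);
            fmt++;
        }
        size_t room = outsz - 1 - used;      /* keep one byte for the NUL */
        if (n > room) {
            memcpy(out + used, src, room);   /* copy only what fits */
            out[outsz - 1] = '\0';
            return -1;
        }
        memcpy(out + used, src, n);
        used += n;
    }
    out[used] = '\0';
    return 0;
}
```

A caller of the bounded version can treat -1 as a signal to fall back to a fixed prompt instead of displaying a truncated path.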