[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[stalk:01093] Re: CA-2001-34 workaround?

To: security-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [stalk:01093] Re: CA-2001-34 workaround?
From: Gouya Naozumi <gouya@xxxxxxxxx>
Date: Fri, 14 Dec 2001 16:04:19 +0900

(B
(B
(B> $B$H$$$&$3$H$G!"$I$J$?$+$3$N7o$N6qBNE*$JLdBj$r2!$($F$$$?$j$7$^$;$s(B
(B> $B$G$7$g$&$+!#$=$l$,J,$+$l$PBP=h$N$7$h$&$b$"$k$H$$$&$3$H$G!#(B
(B
(Bbugtraq $B$KN.$l$F$$$?FbMF$G$9$N$G!"(B
$B$4B8CN$+$b$7$l$J$$$N$G$9$,!#(B
(B
(Bhttp://www.securityfocus.com/archive/1/245149
(B> Traditionally SYSV login accepts "username name=value name=value..."
(B> both from the command line and from stdin. It isn't hard to find out
(B> if you can/cannot clobber process memory by specifying a sufficient
(B> number of name=value values.
(B
$B$H$$$&$3$H$G$7$?$N$G!"(BSPARC $BHG(B Solaris8 $B$G0J2<$N(B
$B$h$&$J$b$N$r;n$7$F$_$?$N$G$9$,!"$=$N$H$-$O(B
$BFC$KLdBj$J$/0=c(B
(B
(B--
(B- $B$3$N%a%$%j%s%0%j%9%H$K4X$9$khttp://transfer.infoseek.co.jp/Trlast?pg=tr_last_top.html&svx=971122

References:
- [stalk:01092] CA-2001-34 workaround?
  - From: Koga Youichirou

Prev by Date: [stalk:01092] CA-2001-34 workaround?
Next by Date: [stalk:01094] $B8D?M;HMQ%N!<(B$B%H%Q%=%3%s@\B3@)8B(B
Previous by thread: [stalk:01092] CA-2001-34 workaround?
Next by thread: [stalk:01094] $B8D?M;HMQ%N!<(B$B%H%Q%=%3%s@\B3@)8B(B
Index(es):
- Date
- Thread