Vulnerability Development: RE: Solaris 7 dtmailpr buffer overflow - word too long terminal f reeze

["Bruno Hivert (LMC)" <Bruno.Hivert () ericsson ca>]

Quick question here: usually, the dreaded "word too long" problem appears
because the _current_shell_ does not know how to handle the command line.
By any (un)luck, weren't you guys running tcsh as you command shell, instead
of bash/sh ?

/Bruno

P.S: the problem happends on my RH 6.2 box too...
$ cat /etc/issue

Red Hat Linux release 6.2 (Zoot)
Kernel 2.4.13 on an i686

$ vim `perl -e 'print "A"x1200'`
Vim: Caught deadly signal SEGV
Vim: Finished.

$ vim --help
VIM - Vi IMproved 5.7 (2000 Jun 24, compiled Jan 31 2001 06:10:12)
(...)
-----Original Message-----
From: dotslash () snosoft com [mailto:dotslash () snosoft com]
Sent: Thursday, November 08, 2001 5:07 PM
To: Walter Park
Cc: ARAI Yuu; VULN-DEV () securityfocus com
Subject: Re: Solaris 7 dtmailpr buffer overflow - word too long terminal
freeze


Speaking of terminal locking up... on OSX I noticed when I try to 
overflow buffers with perl -e print blah blah I get
word too long at some point.... as soon as I hit the Word too long sweet 
spot ... give it a few more A's and it usually
aggrivates the terminal to the point to which it is useless... does 
anyone know why? I think this gentleman below had the
same sort of thing happen to him.
-KF

On Friday, November 9, 2001, at 06:42 AM, Walter Park wrote:

> I can not reproduce this error:
>
> ------------------------------
> some.solaris: uname -a
> SunOS some.machine.edu 5.7 Generic_106542-17 i86pc i386 i86pc
>
> some.solaris: /usr/dt/bin/dtmail -f `perl -e 'print "A"x1200'`
> Word too long
> ------------------------------
> Solaris 7 for Intel with the 7_x86_Recommended.zip patches from Sun.
> It did lock up my terminal but no segfault and no core.
>
> Walt