Subject: Caldera Security Advisory SA-1998.33: Buffer overflow in BASH

Topic: Buffer overflow in BASH
Advisory issue date: 7 November 1998

I. Problem Description

   A buffer overflow can be triggered in bash, which could potentially
   be exploited.

II. Impact

   Description:
   If you cd into a directory which has a path name larger than 1024
   bytes and you have '\w' included in your PS1 environment variable
   (which makes the path to the current working directory appear in
   each command line prompt), a buffer overflow will occur.

   Vulnerable Systems:
   OpenLinux 1.0, 1.1, 1.2, 1.3 systems using bash packages prior to
   bash-1.14.7-6.

III. Solution

   Correction:
   The proper solution is to upgrade to the bash-1.14.7-6 package.
   It can be found on Caldera's FTP site at:

      ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/current/RPMS

   The corresponding source code can be found at:

      ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/current/SRPMS

   The MD5 checksums (from the "md5sum" command) for these packages are:

      b95022619dce0c4680d62a17b1da586a  RPMS/bash-1.14.7-6.i386.rpm
      0c902d1cd5c4377c6777f6bb345f4090  SRPMS/bash-1.14.7-6.src.rpm

   Upgrade with the following command:

      rpm -U bash-1.14.7-6.i386.rpm

IV. References

   This and other Caldera security resources are located at:

      http://www.caldera.com/news/security/index.html

   Additional documentation on this problem can be found in:

      http://www.geek-girl.com/bugtraq/1998_3/0761.html

   This security fix closes Caldera's internal Problem Report 4161.
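The bug class described in section II (expanding '\w' into a fixed 1024-byte buffer), as an added illustration that is not bash source code and not part of the original advisory. The function names, the PROMPT_MAX constant and the sample paths are assumptions made for the example; the unchecked variant is shown only for contrast with the bounds-checked one.

```c
#include <stdio.h>
#include <string.h>

#define PROMPT_MAX 1024   /* assumed size, matching the advisory's 1024 bytes */

/* Vulnerable pattern (illustrative only): cwd is copied with no length
 * check, so a path of PROMPT_MAX bytes or more writes past `out`.
 * Never called here. */
void expand_prompt_unsafe(const char *ps1, const char *cwd, char out[PROMPT_MAX])
{
    char *p = out;
    for (; *ps1; ps1++) {
        if (ps1[0] == '\\' && ps1[1] == 'w') {
            strcpy(p, cwd);              /* unbounded copy: the overflow */
            p += strlen(cwd);
            ps1++;
        } else *p++ = *ps1;
    }
    *p = '\0';
}

/* Hardened form: every write is checked against the space left.
 * Returns the prompt length, or -1 (empty output) if it does not fit. */
int expand_prompt_safe(const char *ps1, const char *cwd, char *out, size_t outsz)
{
    size_t used = 0;
    if (outsz == 0) return -1;
    for (; *ps1; ps1++) {
        size_t n = 1;                                 /* bytes this step adds */
        int is_w = (ps1[0] == '\\' && ps1[1] == 'w');
        if (is_w) n = strlen(cwd);
        if (n >= outsz - used) { out[0] = '\0'; return -1; }  /* room for NUL */
        if (is_w) { memcpy(out + used, cwd, n); ps1++; }
        else out[used] = *ps1;
        used += n;
    }
    out[used] = '\0';
    return (int)used;
}

int main(void)
{
    char cwd[2001], out[PROMPT_MAX];
    memset(cwd, 'A', sizeof cwd - 1);    /* constructed over-long path */
    cwd[sizeof cwd - 1] = '\0';
    printf("short=%d long=%d\n", expand_prompt_safe("\\w$ ", "/home/user", out, sizeof out),
           expand_prompt_safe("\\w$ ", cwd, out, sizeof out));
    return 0;
}
```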