Debian Security Advisory

tcsh -- buffer overflow with very long paths

Date Reported:
22 Sep 1998
Affected Packages:
tcsh
Vulnerable:
Yes
Security database references:
No other external database security references currently available.
More information:

We have found that the tcsh shell had a problem with very long pathnames. When a very long path was encountered tcsh failed to check the result of getcwd() in all places, which could be exploited.

We recommend you upgrade your tcsh package immediately.

Fixed in:
All - (in release 2.0) 6.07.06-5