Re: Solaris 2.6, 7, 8

I do not think this is a new bug. 

Actually, the overflow is not at changing the ttyprompt remotely.
In fact, if you just use "a", instead of "abcdef", as TTYPROMPT, it will
still work.
The overflow is that long user name with multiple spaces; all the "c "
will be taken as environment. It is the very bug of SYS V derived login
buffer overflow. bid:3681.

But, the remote setting of TTYPROMPT does matter. You cannot succeed in
login without remotely changing the TTYPROMPT. This is also the bug
mentioned in Jonathan's original letter (bid:5531).

If you have applied patches for these 2 bugs, you are safe now.

BTW: you can change multiple "c "s to "a=b"s, actually, since SYS V
login treats " " as environ var separator, you can also use >=64 words
separated by " " or "\t". They will all work.

-- 
bu,zheng <buzheng2001@yahoo.com>
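
A detection check for the two conditions described in the message above, as an added example that is not part of the original post: it grades session records for a remotely supplied TTYPROMPT and for a login line carrying 64 or more space- or tab-separated words. The record schema (`src`, `client_env`, `login_line`), the function names, and the choice to count only the words after the user name are assumptions made for illustration.

```python
import re

# Threshold from the post: 64 or more words separated by " " or "\t".
WORD_LIMIT = 64
SEPARATORS = re.compile(rb"[ \t]+")

def extra_words(login_line: bytes) -> list:
    """Return the words that follow the user name on a login response line."""
    words = [w for w in SEPARATORS.split(login_line.strip(b"\r\n")) if w]
    return words[1:]  # words[0] is the user name (assumed counting rule)

def classify(session: dict) -> str:
    """Grade one session record (hypothetical schema) as ok, suspicious or alert."""
    many_words = len(extra_words(session["login_line"])) >= WORD_LIMIT
    remote_prompt = "TTYPROMPT" in session["client_env"]
    if many_words and remote_prompt:
        return "alert"       # both conditions the post says are needed
    if many_words or remote_prompt:
        return "suspicious"  # one condition alone
    return "ok"

# Constructed sample sessions, not captured traffic.
SAMPLES = [
    {"src": "192.0.2.10", "client_env": [], "login_line": b"alice\r\n"},
    {"src": "192.0.2.11", "client_env": ["TERM"],
     "login_line": b"bob TERM=vt100\r\n"},
    {"src": "192.0.2.12", "client_env": ["TTYPROMPT"],
     "login_line": b"carol\r\n"},
    {"src": "192.0.2.13", "client_env": [],
     "login_line": b"dave " + b"a=b " * 64 + b"\r\n"},
    {"src": "192.0.2.14", "client_env": ["TTYPROMPT"],
     "login_line": b"erin" + b"\tc" * 70 + b"\r\n"},
]

def report(sessions):
    """Return (source address, verdict) for each session record."""
    return [(s["src"], classify(s)) for s in sessions]

if __name__ == "__main__":
    for src, verdict in report(SAMPLES):
        print(src, verdict)
```
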
