COMMAND

    tcsh

SYSTEMS AFFECTED

    RedHat 5.2 and others using tcsh 6.07.09-1

PROBLEM

    arkth posted the following about another overflow in tcsh-6.07.09-1.
    The problem is a too long $HOME environment variable (a very old
    thing - zgv overflow).  It's not a dangerous problem, but, as
    someone said, this shell can be used in some kind of script with
    SUID, etc.  Example:

        $ HOME=AAAAAAAAAAAAAAA...AAA
        $ export HOME
        $ tcsh
        Segmentation fault (core dumped)
        $ gdb tcsh core
        GNU gdb 4.17.0.4 with Linux/x86 hardware watchpoint and FPU support
        Copyright 1998 Free Software Foundation, Inc.
        GDB is free software, covered by the GNU General Public License, and you are
        welcome to change it and/or distribute copies of it under certain conditions.
        Type "show copying" to see the conditions.
        There is absolutely no warranty for GDB.  Type "show warranty" for details.
        This GDB was configured as "i386-redhat-linux"...
        (no debugging symbols found)...
        Core was generated by `-csh'.
        Program terminated with signal 11, Segmentation fault.
        Reading symbols from /lib/libnsl.so.1...done.
        Reading symbols from /lib/libtermcap.so.2...done.
        Reading symbols from /lib/libcrypt.so.1...done.
        Reading symbols from /lib/libc.so.6...done.
        Reading symbols from /lib/ld-linux.so.2...done.
        Reading symbols from /lib/libnss_files.so.1...done.
        #0  0x410041 in ?? ()
        (gdb)

SOLUTION

    V6.07.12 fixed it.  However, running the "exploit" given above
    against tcsh 6.08.04 still crashes tcsh, but this time with a
    SIGABRT rather than SIGSEGV.
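
    Added example, not part of the original advisory and not tcsh's own
    code: a bounded way for a program to take $HOME into a fixed-size
    buffer, rejecting an overlong value instead of copying it.  The names
    checked_home and HOME_MAX and the 256-byte limit are assumptions made
    for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HOME_MAX 256 /* assumed buffer size for this example, not tcsh's */

enum home_status { HOME_OK, HOME_UNSET, HOME_TOO_LONG, HOME_NOT_ABSOLUTE };

/* Copy a HOME value into dst only if it fits, terminator included.
 * Replaces the unbounded pattern strcpy(dst, getenv("HOME")). */
static enum home_status checked_home(const char *home, char *dst, size_t dstlen)
{
    const char *end;

    if (dstlen == 0)
        return HOME_TOO_LONG;
    dst[0] = '\0';                      /* dst is always a valid string */
    if (home == NULL || home[0] == '\0')
        return HOME_UNSET;
    end = memchr(home, '\0', dstlen);   /* scan at most dstlen bytes */
    if (end == NULL)
        return HOME_TOO_LONG;           /* reject, never truncate silently */
    if (home[0] != '/')
        return HOME_NOT_ABSOLUTE;
    memcpy(dst, home, (size_t)(end - home) + 1);
    return HOME_OK;
}

int main(void)
{
    char home[HOME_MAX];
    enum home_status st = checked_home(getenv("HOME"), home, sizeof home);

    if (st != HOME_OK) {
        fprintf(stderr, "HOME rejected (status %d), falling back to /\n", (int)st);
        memcpy(home, "/", 2);           /* constant source, fits by construction */
    }
    printf("using home directory: %s\n", home);
    return 0;
}
```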