Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability

To: Bob Bernstein <bob@ruptured-duck.com>
Cc: debian-security@lists.debian.org
Subject: Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
From: Wichert Akkerman <wichert@cistron.nl>
Date: Tue, 9 Jan 2001 00:11:01 +0100
Message-id: <[🔎] 20010109001100.B26184@cistron.nl>
Mail-followup-to: Bob Bernstein <bob@ruptured-duck.com>, debian-security@lists.debian.org
In-reply-to: <[🔎] 200101082007.f08K7Yh22230@robert.ruptured-duck.org>; from bob@ruptured-duck.com on Mon, Jan 08, 2001 at 03:07:26PM -0500
References: <[🔎] Pine.LNX.4.31.0101081331280.20955-100000@io.88.net> <[🔎] Pine.LNX.4.31.0101081752230.25739-100000@io.88.net> <[🔎] 20010108191453.A30284@cistron.nl> <[🔎] 200101082007.f08K7Yh22230@robert.ruptured-duck.org>

Previously Bob Bernstein wrote:
> Since this vulnerability is now "in the wild," so to speak, due to this
> very discussion, isn't it a good idea to make an announcement to the
> effect that at the very least fping should have its setuid root
> removed?

You might as well remove all suid bits from all apps from your system,
a reasonably large number of programs will be vulnerrable I'm afraid.
A fix is being prepared, hopefully we'll have it later today or
tomorrow.

Wichert.

-- 
   ________________________________________________________________
 / Generally uninteresting signature - ignore at your convenience  \
| wichert@cistron.nl                  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

Reply to:

Follow-Ups:
- Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
  - From: Bob Bernstein <bob@ruptured-duck.com>

References:
- 'export RESOLV_HOST_CONF= any file you want' local vulnerability
  - From: thomas lakofski <thomas@88.net>
- Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
  - From: thomas lakofski <thomas@88.net>
- Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
  - From: Wichert Akkerman <wichert@cistron.nl>
- Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
  - From: Bob Bernstein <bob@ruptured-duck.com>

Prev by Date: Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
Next by Date: Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
Previous by thread: Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
Next by thread: Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
Index(es):
- Date
- Thread