Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
On Mon, Jan 08, 2001 at 03:07:26PM -0500, Bob Bernstein wrote:
>
> On Mon, 8 Jan 2001 19:14:53 +0100, Wichert Akkerman opined:
>
> > We're aware of it and looking into this at the moment, as well as
> > checking if there are other similar problems we might have missed.
>
> Since this vulnerability is now "in the wild," so to speak, due to this
> very discussion, isn't it a good idea to make an announcement to the
> effect that at the very least fping should have its setuid root
> removed?
well it works with traceroute too and others, it's not a problem with
fping .
i tried it on a rh 6.2 :-( with glibc 2.1 and i can confirm it doesn't work
Samuele
--
Samuele Tonon <samu@mclink.it>
Undergraduate Student of Computer Science at University of Bologna, Italy
System administrator at Computer Science Lab's, University of Bologna, Italy
Founder & Member of A.A.H.T.
UIN 3155609
Acid -- better living through chemistry.
Timothy Leary
Reply to: