
Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability



On Mon, Jan 08, 2001 at 03:07:26PM -0500, Bob Bernstein wrote:
> 
> On Mon, 8 Jan 2001 19:14:53 +0100, Wichert Akkerman opined:
> 
> >  We're aware of it and looking into this at the moment, as well as
> >  checking if there are other similar problems we might have missed.
> 
> Since this vulnerability is now "in the wild," so to speak, due to this
> very discussion, isn't it a good idea to make an announcement to the
> effect that at the very least fping should have its setuid root
> removed?

Well, it works with traceroute too and others, it's not a problem with
fping.
I tried it on a rh 6.2 :-( with glibc 2.1 and I can confirm it doesn't work

Samuele 
-- 
Samuele Tonon  <samu@mclink.it>
Undergraduate Student  of  Computer Science at  University of Bologna, Italy    
System administrator at Computer Science Lab's, University of Bologna, Italy  
Founder & Member of A.A.H.T.
UIN 3155609 
          	Acid -- better living through chemistry.
			       Timothy Leary


