Re: Exploit - what to do

To: Jerzy Wolinski <wolinski@poczta.onet.pl>
Cc: debian-security@lists.debian.org
Subject: Re: Exploit - what to do
From: Colin Phipps <cph@netcraft.com>
Date: Wed, 18 Jul 2001 15:25:13 +0100
Message-id: <[🔎] 20010718152513.A7278@netcraft.com>
Mail-followup-to: Jerzy Wolinski <wolinski@poczta.onet.pl>, debian-security@lists.debian.org
In-reply-to: <[🔎] 001d01c10f8f$7cb8a460$4f00a8c0@kompas.net.pl>
References: <[🔎] 001d01c10f8f$7cb8a460$4f00a8c0@kompas.net.pl>

On Wed, Jul 18, 2001 at 03:42:26PM +0200, Jerzy Wolinski wrote:
> I found some local root exploit (source and binary).  I have run it on some
> test system. It works on Debian 2.2r2 From source I can see that it uses
> passwd program, but I have no knowlegde and no time to search how it really
> works. On debian security alert pages I see nothing about passwd.  What should
> I do?

Hmm. I would've thought r2 covered all the glibc exploits. Perhaps if you give
your exact glibc version (dpkg -l libc6) and a pointer to the exploit (if it's
public) then we'll be able to give you an answer.

-- 
Colin Phipps         PGP 0x689E463E     http://www.netcraft.com/

Reply to:

References:
- Exploit - what to do
  - From: "Jerzy Wolinski" <wolinski@poczta.onet.pl>

Prev by Date: Re: Exploit - what to do
Next by Date: Re: Exploit - what to do
Previous by thread: Re: Exploit - what to do
Next by thread: Re: Exploit - what to do
Index(es):
- Date
- Thread