At 19:42 -0800 1999-02-07, Paul Vojta wrote:
> Folks:
>
> When checking the security of my system, I found that it is vulnerable
> to the following standard attack (in tcsh syntax):
>
>     env RESOLV_HOST_CONF=/etc/shadow /usr/sbin/traceroute foobar
>
> or
>
>     env RESOLV_HOST_CONF=/etc/shadow fping foobar
>
> This allows the user to read any (text) file on the system.

I have a Debian diff including a patch for this; someone simply needs to compile and upload it. All that needs to be done is fix the debian/changelog (by that I mean the -- line, I give permission to use the -2 revision to whoever uploads this) and dpkg-buildpackage.

http://www.debian.org/%7Eespy/glibc-pre2.1_2.0.105-2.dsc
http://www.debian.org/%7Eespy/glibc-pre2.1_2.0.105-2.diff.gz

-- 
Joel Klecker (aka Espy) <URL:http://web.espy.org/>
<URL:mailto:jk@espy.org> <URL:mailto:espy@debian.org>
Debian GNU/Linux PowerPC -- <URL:http://www.debian.org/ports/powerpc/>