Re: [linux-alert] Serious Security hole in getpwnam ()

To: dominik.kubla@uni-mainz.de (Dominik Kubla)
Cc: kai@khms.westfalen.de, debian-devel@lists.debian.org
Subject: Re: [linux-alert] Serious Security hole in getpwnam ()
From: david@elo.ods.com (David Engel)
Date: Wed, 29 May 1996 13:57:54 -0500 (CDT)
Message-id: <[🔎] m0uOqRO-000BnvC@elo.ods.com>
In-reply-to: <[🔎] 199605291752.TAA02056@bambi.zdv.Uni-Mainz.DE> from "Dominik Kubla" at May 29, 96 07:52:56 pm

> >> This is a *very* serious hole that affects Linux-based NIS client
> >> systems.  A more formal alert will be posted once a fixed version
> >> of libc has been officially released.
> 
> I did check it with the current library as found on Debian systems: No
> root permissions, only a core dump.  So i think there is a problem,
> but it is by far not as serious as announced.

I don't know what version you have, but I was able to break into my
own system using the current version.  This fix is being built right
now.

David
-- 
David Engel                        Optical Data Systems, Inc.
david@ods.com                      1101 E. Arapaho Road
(214) 234-6400                     Richardson, TX  75081

Reply to:

Follow-Ups:
- Re: [linux-alert] Serious Security hole in getpwnam ()
  - From: Dominik Kubla <dominik.kubla@uni-mainz.de>

References:
- Re: [linux-alert] Serious Security hole in getpwnam ()
  - From: Dominik Kubla <dominik.kubla@uni-mainz.de>

Prev by Date: Bug#3146: 1.1 installation: ae doesn't work
Next by Date: Re: [linux-alert] Serious Security hole in getpwnam ()
Previous by thread: Re: [linux-alert] Serious Security hole in getpwnam ()
Next by thread: Re: [linux-alert] Serious Security hole in getpwnam ()
Index(es):
- Date
- Thread