Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability

To: Andres Salomon <dilinger@mp3revolution.net>
Cc: Bj?rn Metzdorf <bm@turtle-entertainment.de>, debian-security@lists.debian.org
Subject: Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
From: Mario Scarpa <m.scarpa@mondonet.net>
Date: Tue, 09 Jan 2001 01:26:15 +0100
Message-id: <[🔎] 3A5A5AA7.3516AAC5@mondonet.net>
References: <[🔎] Pine.LNX.4.31.0101081752230.25739-100000@io.88.net> <[🔎] 47250783707.20010108111349@iwz.com> <[🔎] 20010108153716.A2493@incandescent.mp3revolution.net> <[🔎] 069d01c079b5$e37c75c0$81c206d4@office.gnw.de> <[🔎] 20010108160148.A2594@incandescent.mp3revolution.net>

Andres Salomon wrote:
> 
> Ooops.  Mandrake cooker, and Debian unstable.  In other words: glibc2.2
> systems.  glibc 2.1's resolver (/lib/libnss_db.so.2) appears unaffected.
> This is why some of you aren't seeing it.
> 
> ii  libc6          2.2-6          GNU C Library: Shared libraries and Timezone
> 

Not really, with fping and traceroute suid root it works when logged as root 
and does not when I 'm a regular user. Ping works as usual in both the cases.

Debian 2.2rev2 stable and 

ii  libc6          2.1.3-13       GNU C Library: Shared libraries and Timezone

Mario.

Reply to:

References:
- Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
  - From: thomas lakofski <thomas@88.net>
- Re[2]: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
  - From: Kevin <cog@iwz.com>
- Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
  - From: Andres Salomon <dilinger@mp3revolution.net>
- Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
  - From: Björn Metzdorf <bm@turtle-entertainment.de>
- Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
  - From: Andres Salomon <dilinger@mp3revolution.net>

Prev by Date: Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
Next by Date: Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerabi
Previous by thread: Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
Next by thread: Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
Index(es):
- Date
- Thread