
Re: libc6 vulnerability



Joel Klecker <jk@espy.org> writes:

> At 19:42 -0800 1999-02-07, Paul Vojta wrote:
> >Folks:
> >
> >When checking the security of my system, I found that it is vulnerable
> >to the following standard attack (in tcsh syntax):
> >
> >	env RESOLV_HOST_CONF=/etc/shadow /usr/sbin/traceroute foobar
> >  or	env RESOLV_HOST_CONF=/etc/shadow fping foobar
> >
> >This allows the user to read any (text) file on the system.
> 
> I have a Debian diff including a patch for this, someone simply needs 
> to compile and upload it. All that needs to be done is fix the 
> debian/changelog (by that I mean the -- line, I give permission to 
> use the -2 revision to whomever uploads this) and dpkg-buildpackage.

> http://www.debian.org/%7Eespy/glibc-pre2.1_2.0.105-2.dsc
> http://www.debian.org/%7Eespy/glibc-pre2.1_2.0.105-2.diff.gz

This has been compiled and uploaded.  (As I said, I removed the
hardcoded "sparc" distribution - it must have been a mistake from the
last version I uploaded that you didn't catch.)


Steve
dunham@cse.msu.edu
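
Added example (not part of the original thread, and not the Debian patch referred to above): one way a setuid program can drop the RESOLV_HOST_CONF override from its environment before its first resolver lookup. The function names and the one-entry variable list are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
extern char **environ;

/* Hypothetical helper names; the list holds the variable named in the thread. */
static const char *const unsafe_vars[] = { "RESOLV_HOST_CONF", NULL };

/* True when started from a setuid/setgid binary (real != effective ids). */
int is_privileged(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Does the "NAME=value" entry set one of the unsafe variables? */
static int is_unsafe_entry(const char *entry)
{
    for (size_t i = 0; unsafe_vars[i] != NULL; i++) {
        size_t n = strlen(unsafe_vars[i]);
        if (strncmp(entry, unsafe_vars[i], n) == 0 && entry[n] == '=')
            return 1;
    }
    return 0;
}

/* Compact a NULL-terminated env array in place; returns entries removed. */
int scrub_env(char **envp, int privileged)
{
    int removed = 0;
    char **out = envp;
    if (!privileged) return 0;
    for (char **in = envp; *in != NULL; in++) {
        if (is_unsafe_entry(*in))
            removed++;
        else
            *out++ = *in;
    }
    *out = NULL;
    return removed;
}

int main(void)
{
    /* Call before the first resolver lookup (e.g. gethostbyname). */
    int priv = is_privileged(getuid(), geteuid(), getgid(), getegid());
    printf("removed %d resolver override(s)\n", scrub_env(environ, priv));
    return 0;
}
```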

