Re: libc6 vulnerability
Joel Klecker <firstname.lastname@example.org> writes:
> At 19:42 -0800 1999-02-07, Paul Vojta wrote:
> >When checking the security of my system, I found that it is vulnerable
> >to the following standard attack (in tcsh syntax):
> > env RESOLV_HOST_CONF=/etc/shadow /usr/sbin/traceroute foobar
> > or env RESOLV_HOST_CONF=/etc/shadow fping foobar
> >This allows the user to read any (text) file on the system.
> I have a Debian diff including a patch for this, someone simply needs
> to compile and upload it. All that needs to be done is fix the
> debian/changelog (by that I mean the -- line, I give permission to
> use the -2 revision to whomever uploads this) and dpkg-buildpackage.
This has been compiled and uploaded. (As I said, I removed the
hardcoded "sparc" distribution - it must have been a mistake from the
last version I uploaded that you didn't catch.)