Bugtraq mailing list archives

Re: Glibc Local Root Exploit

From: Ari Saastamoinen <oh3mqu () VIP FI>
Date: Thu, 11 Jan 2001 01:42:52 +0200

On Wed, 10 Jan 2001, Pedro Margate wrote:

install the ssh binary as suid root by default.  This can be disabled
during configuration or after the fact with chmod.  I believe that would


That exploit can use any suid root program which resolves host names. (For
example ping and traceroute) So you cannot fix that glibc explot only by
unsetting SUID bit of ssh client.

every ssh installation I've performed and it seems to work the same.  I'm
not sure what reason ssh has to be suid root, nobody I've asked has any
idea.


By default ssh client makes connection from source socket <1024, and it is
impossible without root privileges.  When you run the client as non root,
source socket will be >1023, but man can disable this kind of connections
by configuring the ssh daemon.

--
Ari Saastamoinen  oh3mqu+bugtraq () vip fi

Current thread:

Glibc Local Root Exploit Charles Stevenson (Jan 10)
- Re: Glibc Local Root Exploit Thomas T. Veldhouse (Jan 10)
- Re: Glibc Local Root Exploit Ben Collins (Jan 10)
- Re: Glibc Local Root Exploit Pedro Margate (Jan 10)
  - Re: Glibc Local Root Exploit Gordon Messmer (Jan 10)
  - Re: Glibc Local Root Exploit Philip Rowlands (Jan 10)
  - Re: Glibc Local Root Exploit Ari Saastamoinen (Jan 10)
    - Re: Glibc Local Root Exploit Matt Zimmerman (Jan 12)
  - Re: Glibc Local Root Exploit Jerry Connolly (Jan 10)
  - Veritas BackupExec (remote DoS) oh3mqu+bugtraq (Jan 15)
- Re: Glibc Local Root Exploit Joe (Jan 10)
- Re: Glibc Local Root Exploit Digital Overdrive (Jan 10)
- Re: Glibc Local Root Exploit Digital Overdrive (Jan 10)
- Re: Glibc Local Root Exploit Brian (Jan 10)
- <Possible follow-ups>
- Re: Glibc Local Root Exploit Ben Greenbaum (Jan 10)
  - Re: Glibc Local Root Exploit Simon Cozens (Jan 12)
  - Re: Glibc Local Root Exploit Matt Zimmerman (Jan 12)

(Thread continues...)