Vulnerability Development mailing list archives
Re: traceroute-4.4BSD (slack) heap overflow
From: "Rodrigo Barbosa (aka morcego)" <rodrigob () CONECTIVA COM BR>
Date: Wed, 10 Jan 2001 15:54:29 -0200
On Tue, Jan 09, 2001 at 02:19:27PM +0100, Olaf Kirch wrote:
> On Mon, Jan 08, 2001 at 12:21:51PM -0500, Matt Zimmerman wrote:
> > On Mon, Jan 08, 2001 at 11:54:41AM +0100, Olaf Kirch wrote:
> > > c. The RESOLV_HOST_CONF variable is *not* used to specify a
> > >    replacement for /etc/hosts, but for /etc/host.conf, which
> > >    configures the resolver. Apart from that, it's been quite a
> > >    while since the resolver library honored this variable in
> > >    setuid programs.
> >
> > If only this were true ("it's been quite a while..."). glibc 2.2's
> > resolver honors RESOLV_HOST_CONF in setuid programs (see
> > resolv/res_hconf.c, or just try it).
>
> Okay, I gotta eat my words. It turns out it got reintroduced in 2.2.
> Oh joy. Another day, another security update to build.

As of yesterday afternoon, a fix for this problem was already in glibc 2.2.1 cvs.

2001-01-08  Ulrich Drepper  <drepper () redhat com>

        * sysdeps/generic/unsecvars.h (UNSECURE_ENVVARS): Add missing comma.

The problem is a missing comma, as stated. I don't think a patch posting here is needed. Either grab the latest cvs version, or just go there, add the missing comma (you can't miss it :-)), and recompile glibc.

[]s

--
Rodrigo Barbosa (morcego) - rodrigob at conectiva.com.br
Conectiva R&D Team - http://distro.conectiva.com.br
"Quis custodiet ipsos custodiet?" - http://www.conectiva.com
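Added example, not part of the original message and not glibc's code: why one missing comma in a list of unsafe environment variables silently disables filtering for two names. C concatenates adjacent string literals, so the two neighbours become a single entry that matches neither. The list contents other than RESOLV_HOST_CONF, the position of the missing comma, and the helper names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))
enum { EXPECTED_ENTRIES = 4 };

/* Constructed list: the neighbours of RESOLV_HOST_CONF and the position
   of the missing comma are assumptions, not glibc's unsecvars.h. */
static const char *const broken_list[] = {
    "LD_PRELOAD",
    "LOCALDOMAIN"          /* no comma: merges with the next literal */
    "RESOLV_HOST_CONF",
    "RES_OPTIONS",
};

static const char *const fixed_list[] = {
    "LD_PRELOAD",
    "LOCALDOMAIN",
    "RESOLV_HOST_CONF",
    "RES_OPTIONS",
};

/* A compile-time count check turns the silent merge into a build error. */
_Static_assert(COUNT(fixed_list) == EXPECTED_ENTRIES, "entry merged or missing");

/* Return 1 if name is on the list of variables to strip, else 0. */
static int is_filtered(const char *const *list, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(list[i], name) == 0)
            return 1;
    return 0;
}

int main(void)
{
    const char *probe[] = { "LOCALDOMAIN", "RESOLV_HOST_CONF", "RES_OPTIONS" };

    printf("entries: broken=%zu fixed=%zu\n",
           COUNT(broken_list), COUNT(fixed_list));
    for (size_t i = 0; i < COUNT(probe); i++)
        printf("%-18s broken=%d fixed=%d\n", probe[i],
               is_filtered(broken_list, COUNT(broken_list), probe[i]),
               is_filtered(fixed_list, COUNT(fixed_list), probe[i]));
    return 0;
}
```

Applying the same `_Static_assert` to the broken list fails the build, because that array has three entries instead of four. Clang's `-Wstring-concatenation` warning also flags this pattern in array initializers.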