Bugtraq mailing list archives
Re: telnetd hole, and related /bin/login problem?
From: bret () real com (Bret McDanel)
Date: Wed, 22 Nov 1995 16:13:03 GMT
At least one vendor has chosen to include a new /bin/login with their telnetd patch. At least one vendor is shipping a patch with a new telnetd, but without a new /bin/login. I gather another advisory may be forthcoming for another, related hole, this time in /bin/login. Can somebody name that hole?
Cert released something on the fact that login was not statically linked about 8 months ago, and was vunerable to this hole.. Of course login isnt the only thing that this can happen, statically linked httpd, or anything that binds a port (most OS's honor the suid thing, where if a program is suid or sgid it wont use the user env vars for libs, but when you telnet in, you go in as root, and that changes)..
Current thread:
- telnetd hole, and related /bin/login problem? Dan Stromberg - OAC-DCS (Nov 20)
- <Possible follow-ups>
- Re: telnetd hole, and related /bin/login problem? Bret McDanel (Nov 22)