Re: telnetd hole, and related /bin/login problem?

[bret () real com (Bret McDanel)]

> At least one vendor has chosen to include a new /bin/login with their
> telnetd patch.  At least one vendor is shipping a patch with a new
> telnetd, but without a new /bin/login.
>
> I gather another advisory may be forthcoming for another, related
> hole, this time in /bin/login.
>
> Can somebody name that hole?
Cert released something on the fact that login was not statically linked
about 8 months ago, and was vunerable to this hole..

Of course login isnt the only thing that this can happen, statically linked
httpd, or anything that binds a port (most OS's honor the suid thing, where if
a program is suid or sgid it wont use the user env vars for libs, but when
you telnet in, you go in as root, and that changes)..