Bugtraq mailing list archives
SECURITY ALERT (libresolv+ bug)
From: jared () puck nether net (Jared Mauch)
Date: Fri, 16 Aug 1996 09:03:19 -0400
----- Forwarded message from Myles Uyema -----
From myles () nether net Fri Aug 16 00:18:31 1996
Date: Thu, 15 Aug 1996 18:18:13 -1000 (HST) From: Myles Uyema <myles () nether net> X-Sender: myles@micron.intra.network To: Jared Mauch <jared () puck nether net> Subject: SECURITY ALERT Message-ID: <Pine.LNX.3.95.960815181521.10074A-100000@micron.intra.network> -- Start of PGP signed section. You've probably been informed about this or read about the libresolv+ bug. Any suid-root binaries should be stripped if they use any of the resolv routines. Vulnerable utilities are: ping, traceroute, ssh. Remove their global execution priveledges. A common exploit: export RESOLV_HOST_CONF=/etc/shadow ; ping asdf Myles Uyema myles () nether net [finger uyema () nether net for PGP public key] -- End of PGP signed section. ----- End of forwarded message from Myles Uyema -----
Current thread:
- SECURITY ALERT (libresolv+ bug) Jared Mauch (Aug 16)