Bugtraq mailing list archives

SECURITY ALERT (libresolv+ bug)


From: jared () puck nether net (Jared Mauch)
Date: Fri, 16 Aug 1996 09:03:19 -0400


----- Forwarded message from Myles Uyema -----

From myles () nether net  Fri Aug 16 00:18:31 1996
Date: Thu, 15 Aug 1996 18:18:13 -1000 (HST)
From: Myles Uyema <myles () nether net>
X-Sender: myles@micron.intra.network
To: Jared Mauch <jared () puck nether net>
Subject: SECURITY ALERT
Message-ID: <Pine.LNX.3.95.960815181521.10074A-100000@micron.intra.network>

-- Start of PGP signed section.
You've probably been informed about this or read about the libresolv+
bug.  Any suid-root binaries should be stripped if they use any of the
resolv routines.  Vulnerable utilities are:

ping, traceroute, ssh.  Remove their global execution privileges.
A common exploit:  export RESOLV_HOST_CONF=/etc/shadow ; ping asdf


Myles Uyema
myles () nether net    [finger uyema () nether net for PGP public key]
-- End of PGP signed section.

----- End of forwarded message from Myles Uyema -----
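
The check the message calls for, as an added example that is not part of the original post: a shell function that lists setuid binaries which are still world-executable and appear to use resolver routines. The function name `audit_suid_resolver` and the marker strings are assumptions for illustration, and the match is a heuristic string search, not proof that a binary is vulnerable.

```shell
#!/bin/sh
# Added example, not from the original post.
# Heuristic markers (assumed): the environment variable named in the post,
# plus common resolver entry points that show up in a binary's symbol names.
MARKERS='RESOLV_HOST_CONF|gethostbyname|gethostbyaddr|res_init'

# audit_suid_resolver DIR [OWNER]
# Prints every regular file under DIR that is owned by OWNER (default: root),
# has the setuid bit set, is executable by "other", and contains a marker.
audit_suid_resolver() {
    dir=$1
    owner=${2:-root}
    # -perm -4000: setuid bit set; -perm -0001: world-executable.
    find "$dir" -xdev -type f -user "$owner" -perm -4000 -perm -0001 2>/dev/null |
    while IFS= read -r f; do
        # grep -q only reports match status, so binary content is fine.
        if LC_ALL=C grep -q -E "$MARKERS" "$f" 2>/dev/null; then
            printf '%s\n' "$f"
        fi
    done
}

# Stand-alone use: ./audit.sh /bin /usr/bin /usr/sbin
if [ "$#" -gt 0 ]; then
    for d in "$@"; do
        audit_suid_resolver "$d"
    done
fi
```

Each path printed is a candidate for the mitigation in the message: review it, then drop the setuid bit or the world-execute bit until a fixed resolver library is installed.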


