Bugtraq mailing list archives
Re: Linux NLSPATH buffer overflow
From: juphoff () TARSIER CV NRAO EDU (Jeff Uphoff)
Date: Thu, 13 Mar 1997 12:34:18 -0500
"MS" == Mihai Sandu <mike () thai oxy pub ro> writes: MS> On Fri, 14 Feb 1997, Alan Cox wrote:
libc5.4 is immune, RedHat has been shipping the fixed libc5.3.12 for a long time,
MS> [squid@arbat squid]$ ls -la /lib/libc* MS> lrwxrwxrwx 1 root root 14 Feb 21 14:52 /lib/libc.so.5 -> libc.so.5.3.12 MS> -rwxr-xr-x 1 root root 705995 Sep 2 1996 /lib/libc.so.5.3.12 MS> lrwxrwxrwx 1 root root 22 Feb 21 14:57 /lib/libcom_err.so -> /lib/libcom_err.so.2.0 MS> lrwxrwxrwx 1 root root 17 Feb 21 14:59 /lib/libcom_err.so.2 -> libcom_err.so.2.0 MS> -rwxr-xr-x 1 root root 5819 Sep 1 1996 /lib/libcom_err.so.2.0 What about 'rpm -q libc' to check what version of 5.3.12 you're running? That'll show if you're lagging behind the patch/fix curve. MS> So. It works on RedHat 4.0 Colgate with libc v. 5.3.12 That should read "...with an un-fixed libc v. 5.3.12." (Alan already made this point!) Get the most recent RPM(s) from Red Hat's "updates" area and the exploit shouldn't work any more. --Up. -- Jeff Uphoff - Scientific Programming Analyst | juphoff () nrao edu National Radio Astronomy Observatory | juphoff () bofh org uk Charlottesville, VA, USA | jeff.uphoff () linux org PGP key available at: http://www.cv.nrao.edu/~juphoff/
Current thread:
- Re: Linux NLSPATH buffer overflow Mihai Sandu (Mar 13)
- <Possible follow-ups>
- Re: Linux NLSPATH buffer overflow Jeff Uphoff (Mar 13)