Bugtraq mailing list archives

Re: A few bugs...

From: okir () MONAD SWB DE (Olaf Kirch)
Date: Mon, 20 Sep 1999 11:14:41 +0200


On Fri, Sep 17, 1999 at 02:23:48PM -0500, Tymm Twillman wrote:

- Glibc 2.1.1:

  o unsetenv() off-by-one error:
     The unsetenv function in glibc 2.1.1 suffers from a problem whereby
     when running through the environment variables, if the name of the
     variable being unset is present twice consecutively, the second is
     not destroyed.

     unsetenv is sometimes used by programs that depend on it clearing out
     variables for protection against evil environment variables.


In particular, by ld.so. While this hole doesn't affect setuid programs
themselves, it means that programs run by the setuid application can be
fooled into using the LD_* variables.

Olaf

--
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir () monad swb de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir () caldera de    +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.

Current thread:

Re: Internet Explorer 5.0 & AOL Instant Messenger 3.x (latest version) Bug forcing Win98 to crash remotely, (continued)
- - - Re: Internet Explorer 5.0 & AOL Instant Messenger 3.x (latest version) Bug forcing Win98 to crash remotely Peter Haglund (Sep 24)
    - Re: More fun with WWWBoard Vladimir Dubrovin (Sep 21)
    - SCO 5.0.x scosession local exploit Brock Tellier (Sep 22)
    - Re: More fun with WWWBoard Ben Laurie (Sep 23)
    - SuSE 6.2 sccw overflow exploit Brock Tellier (Sep 23)
    - Security Bulletins Digest Aleph One (Sep 20)
    - Microsoft Security Bulletin (MS99-038) Aleph One (Sep 20)
    - FreeBSD Security Advisory: FreeBSD-SA-99:06.amd Aleph One (Sep 20)
    - socket buffer DoS/administrative limits (fwd) Brian F. Feldman (Sep 17)
    - A few bugs... Tymm Twillman (Sep 17)
    - Re: A few bugs... Olaf Kirch (Sep 20)
- Re: IE5 allows executing programs SysAdmin (Sep 07)