Vulnerability Development mailing list archives
Re: traceroute-4.4BSD (slack) heap overflow
From: Gordon Messmer <yinyang () EBURG COM>
Date: Mon, 8 Jan 2001 19:49:23 -0800
On Mon, 8 Jan 2001, Dale Thatcher wrote:
On Mon, Jan 08, 2001 at 11:54:41AM +0100, Olaf Kirch wrote:c. The RESOLV_HOST_CONF variable is *not* used to specifiy a replacment for /etc/hosts, but for /etc/host.conf, which configures the resolver. Apart from that, it's been quite a while since the resolver library honored this variable in setuid programs.I just tried this on Debian unstable (libc 2.2-9) and read my /etc/shadow Whoops...
Also works on Red Hat 7.0. I filed a bug report yesterday.
jakub () redhat com replied that new packages will be available as soon as
they're QA'd. Afterward, I plan to personally check that all variables
that glibc uses are unset for suid apps. ;) (I'm crazy like that...)
MSG
--
If I had a dollar for every brain that you don't have,
I'd have one dollar. - Squidward to SpongeBob
Current thread:
- traceroute-4.4BSD (slack) heap overflow Cristi Dumitrescu (Jan 05)
- Re: traceroute-4.4BSD (slack) heap overflow Heinrich Langos (Jan 05)
- Re: traceroute-4.4BSD (slack) heap overflow Cristi Dumitrescu (Jan 05)
- Re: traceroute-4.4BSD (slack) heap overflow Jose Nazario (Jan 07)
- Re: traceroute-4.4BSD (slack) heap overflow Slawek (Jan 07)
- Re: traceroute-4.4BSD (slack) heap overflow Cristi Dumitrescu (Jan 05)
- Re: traceroute-4.4BSD (slack) heap overflow El Nahual (Jan 06)
- Re: traceroute-4.4BSD (slack) heap overflow Cristi Dumitrescu (Jan 08)
- Re: traceroute-4.4BSD (slack) heap overflow Slawek (Jan 08)
- Re: traceroute-4.4BSD (slack) heap overflow Cristi Dumitrescu (Jan 08)
- Re: traceroute-4.4BSD (slack) heap overflow Olaf Kirch (Jan 08)
- Re: traceroute-4.4BSD (slack) heap overflow Dale Thatcher (Jan 08)
- Re: traceroute-4.4BSD (slack) heap overflow Gordon Messmer (Jan 09)
- Re: traceroute-4.4BSD (slack) heap overflow Frank de Lange (Jan 09)
- Re: traceroute-4.4BSD (slack) heap overflow Matt Zimmerman (Jan 08)
- Re: traceroute-4.4BSD (slack) heap overflow Olaf Kirch (Jan 09)
- Re: traceroute-4.4BSD (slack) heap overflow Rodrigo Barbosa (aka morcego) (Jan 10)
- Re: traceroute-4.4BSD (slack) heap overflow Dale Thatcher (Jan 08)
- Re: traceroute-4.4BSD (slack) heap overflow Cristi Dumitrescu (Jan 09)
- Re: traceroute-4.4BSD (slack) heap overflow Heinrich Langos (Jan 05)
- <Possible follow-ups>
- Re: traceroute-4.4BSD (slack) heap overflow Oliver Friedrichs (Jan 05)
- Re: traceroute-4.4BSD (slack) heap overflow Cristi Dumitrescu (Jan 05)
- Re: traceroute-4.4BSD (slack) heap overflow Techno Bob (Jan 05)
- Re: traceroute-4.4BSD (slack) heap overflow Techno Bob (Jan 07)
- Re: traceroute-4.4BSD (slack) heap overflow Cristi Dumitrescu (Jan 09)