Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: traceroute-4.4BSD (slack) heap overflow

From: "Rodrigo Barbosa (aka morcego)" <rodrigob () CONECTIVA COM BR>
Date: Wed, 10 Jan 2001 15:54:29 -0200
On Tue, Jan 09, 2001 at 02:19:27PM +0100, Olaf Kirch wrote:

On Mon, Jan 08, 2001 at 12:21:51PM -0500, Matt Zimmerman wrote:

On Mon, Jan 08, 2001 at 11:54:41AM +0100, Olaf Kirch wrote:


 c.       The RESOLV_HOST_CONF variable is *not* used to specifiy
  a replacment for /etc/hosts, but for /etc/host.conf, which
  configures the resolver. Apart from that, it's been quite a
  while since the resolver library honored this variable in
  setuid programs.


If only this were true ("it's been quite a while...").  glibc 2.2's resolver
honors RESOLV_HOST_CONF in setuid programs (see resolv/res_hconf.c, or just try
it).


Okay, I gotta eat my words. It turns out it got reintroduced in 2.2. Oh joy.
Another day, another security update to build.



As of yesterday's afternoon, a fix for this problem was already on glibc 2.2.1
cvs.

2001-01-08  Ulrich Drepper  <drepper () redhat com>
        * sysdeps/generic/unsecvars.h (UNSECURE_ENVVARS): Add missing comma.

The problem is a missing comma, as stated. I don't need a patch posting here
is needed. Either grab the lastest cvs version, or just go there, add
the missing comma (you can't miss it :-)), and recompile glibc.

[]s

-- 
 Rodrigo Barbosa (morcego)         - rodrigob at conectiva.com.br
 Conectiva R&D Team                - http://distro.conectiva.com.br
 "Quis custodiet ipsos custodiet?" - http://www.conectiva.com

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: