[4589] in linux-net channel archive


Re: A SERIOUS security problem!!!!

daemon@ATHENA.MIT.EDU (Alan Cox)
Mon Sep 30 11:41:36 1996

From: Alan Cox <alan@cymru.net>
To: brian@lantz.com (Brian A. Lantz)
Date: 	Mon, 30 Sep 1996 10:16:48 +0100 (BST)
Cc: linux-net@vger.rutgers.edu, torvalds@cs.helsinki.fi
In-Reply-To: <Pine.LNX.3.91.960929141949.27279B-100000@lantz.com> from "Brian A. Lantz" at Sep 29, 96 04:01:20 pm

> This uses a security hole in telnetd, which allows passing of environment 
> variables into 'login'. They define 'LD_LIBRARY_PATH' to point to a user 
> (or incoming ftp) directory containing a new 'libc.so.4' or a 
> 'libroot.so' (also supplied in the cracker's kit), which contains NO 
> security checking, and logs them in as root.

Yawn. If you followed any security list (even cert announce) you'd know this
problem across multiple architectures was reported and fixed over a year ago.

Alan
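
Added illustration, not part of the original message and not telnetd's actual code: the quoted report depends on the daemon handing client-supplied environment variables such as LD_LIBRARY_PATH to 'login'. One defensive pattern is to keep only an allowlist of variables before the exec; the name `scrub_env` and the allowlist entries below are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: variables a remote client may legitimately set.
   Everything else, including LD_LIBRARY_PATH, is dropped. */
static const char *const allowed_names[] = { "TERM", "DISPLAY", NULL };

/* An entry is kept only if it has the form NAME=value and NAME
   matches an allowlist entry exactly (not merely as a prefix). */
static int is_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;                       /* malformed: no name or no '=' */
    size_t n = (size_t)(eq - entry);
    for (size_t i = 0; allowed_names[i] != NULL; i++)
        if (strlen(allowed_names[i]) == n &&
            strncmp(entry, allowed_names[i], n) == 0)
            return 1;
    return 0;
}

/* Compact a NULL-terminated environment vector in place so that only
   allowlisted entries remain. Returns the number of entries removed. */
size_t scrub_env(char **envp)
{
    char **dst = envp;
    size_t removed = 0;
    for (char **src = envp; *src != NULL; src++) {
        if (is_allowed(*src))
            *dst++ = *src;
        else
            removed++;
    }
    *dst = NULL;
    return removed;
}

int main(void)
{
    /* Constructed sample of what a client might send. */
    char a[] = "TERM=vt100", b[] = "LD_LIBRARY_PATH=/tmp/x", c[] = "DISPLAY=host:0";
    char *env[] = { a, b, c, NULL };
    printf("removed %zu\n", scrub_env(env));
    for (char **p = env; *p != NULL; p++)
        printf("kept %s\n", *p);
    return 0;
}
```

An allowlist fails closed: a loader or shell variable nobody thought to name is dropped along with the known ones.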
