[454] in linux-security and linux-alert archive
Re: Telnetd Environment Vulnerability
daemon@ATHENA.MIT.EDU (Thomas Roessler)
Mon Nov 6 15:35:56 1995
From: Thomas Roessler <Thomas.Roessler@sobolev.rhein.de>
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 6 Nov 1995 09:03:11 +0100 (MET)
In-Reply-To: <199511030058.QAA24470@passer.osg.gov.bc.ca> from "Cy Schubert - BCSC Open Systems Group" at Nov 2, 95 04:58:43 pm
* Cy Schubert - BCSC Open Systems Group wrote:
> There is a serious problem with various telnetd daemons which will cause
> /bin/login to give a root shell. I haven't had a chance to test this on my
> Linux boxes at home, however it does fix the problem under DEC's OSF/1.
You should mention that it's absolutely necessary to statically
link this wrapper; otherwise it won't be effective.
tlr
