[3186] in bugtraq

SECURITY ALERT (libresolv+ bug)

daemon@ATHENA.MIT.EDU (Jared Mauch)
Sat Aug 17 19:28:21 1996

Date: 	Fri, 16 Aug 1996 09:03:19 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Jared Mauch <jared@puck.nether.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>

----- Forwarded message from Myles Uyema -----

From myles@nether.net  Fri Aug 16 00:18:31 1996
Date: Thu, 15 Aug 1996 18:18:13 -1000 (HST)
From: Myles Uyema <myles@nether.net>
X-Sender: myles@micron.intra.network
To: Jared Mauch <jared@puck.nether.net>
Subject: SECURITY ALERT
Message-ID: <Pine.LNX.3.95.960815181521.10074A-100000@micron.intra.network>

-- Start of PGP signed section.
You've probably been informed about this or read about the libresolv+
bug.  Any suid-root binaries should be stripped if they use any of the
resolv routines.  Vulnerable utilities are:

ping, traceroute, ssh.  Remove their global execution privileges.
A common exploit:  export RESOLV_HOST_CONF=/etc/shadow ; ping asdf


Myles Uyema
myles@nether.net    [finger uyema@nether.net for PGP public key]
-- End of PGP signed section.

----- End of forwarded message from Myles Uyema -----
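
Added example, not part of the forwarded message and not the libresolv+ code or its patch: the RESOLV_HOST_CONF line quoted above matters because a setuid-root binary opens the named file with root's rights, so the sketch below puts a path lookup that trusts the variable beside one that ignores it whenever the real and effective IDs differ. The function names are hypothetical; /etc/host.conf is the resolver's usual default file.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define DEFAULT_HOST_CONF "/etc/host.conf"

/* Trusting form: whoever runs the binary picks the file the resolver opens.
 * In a setuid-root program that file is opened with root's rights. */
const char *host_conf_path_trusting(const char *env_value)
{
    return (env_value && env_value[0]) ? env_value : DEFAULT_HOST_CONF;
}

/* True when the process holds rights its invoker lacks (setuid or setgid). */
int runs_with_raised_privilege(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Checked form: the environment override is honoured only when the process
 * has exactly the invoker's rights; otherwise the fixed default is used. */
const char *host_conf_path_checked(const char *env_value,
                                   uid_t ruid, uid_t euid,
                                   gid_t rgid, gid_t egid)
{
    if (runs_with_raised_privilege(ruid, euid, rgid, egid))
        return DEFAULT_HOST_CONF;
    return host_conf_path_trusting(env_value);
}

int main(void)
{
    /* Show which file each form would select for the current process. */
    const char *env_value = getenv("RESOLV_HOST_CONF");

    printf("trusting: %s\n", host_conf_path_trusting(env_value));
    printf("checked:  %s\n",
           host_conf_path_checked(env_value, getuid(), geteuid(),
                                  getgid(), getegid()));
    return 0;
}
```

Until a library with such a check is installed, the advice in the message still applies: take the setuid bit or the world-execute permission off the affected binaries.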
