[6098] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Telnet vulnerability--shared library loading

daemon@ATHENA.MIT.EDU (Michal Jaegermann)
Wed Nov 1 22:08:03 1995

To: kerberos@MIT.EDU
Date: 2 Nov 1995 01:53:00 GMT
From: michal@gortel.phys.ualberta.ca (Michal Jaegermann)
Reply-To: michal@gortel.phys.ualberta.ca

Alain Knaff (knaff@ngulu.imag.fr) wrote:
: Jon Lewis (jlewis@inorganic5.chem.ufl.edu) wrote:
: : Run the supplied exploit test.  My slackware based systems look very much 
: : like they are vulnerable...but probably won't be for long.

I did.  New environment was passed via login but after that apparently
totally disregarded - which left my scratching my head a bit.

:  Or grep for Linux in the message. The article explicitely mentions
: ELF_LD_LIBRARY_PATH and Linux

I applied to my telnetd a patch similar one to one shown in an
original annoucement but with 
  (NULL == strstr(*cpp, "LD_"))
instead of 
  strncmp(*cpp, "LD_", 3)
just to guard myself against various possible surprises. :-)

  Michal


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[6098] in Kerberos

Re: Telnet vulnerability--shared library loading

daemon@ATHENA.MIT.EDU (Michal Jaegermann)Wed Nov 1 22:08:03 1995

daemon@ATHENA.MIT.EDU (Michal Jaegermann)
Wed Nov 1 22:08:03 1995