[16539] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post
Re: UNIX locale format string vulnerability

daemon@ATHENA.MIT.EDU (Bob Manson)
Mon Sep 4 18:07:06 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.SGI.3.96.1000904172458.21712142F-100000@skule.ecf>
Date:         Mon, 4 Sep 2000 17:34:03 -0400
Reply-To: Bob Manson <bob@ecf.utoronto.ca>
From: Bob Manson <bob@ECF.UTORONTO.CA>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <39B3E1A6.F47BBFE4@core-sdi.com>

I immediately grabbed the new rpms from update.redhat.com, followed the
instructions and got:

glibc
##################################################
package zic not found in file index
package ca_ES not found in file index
package sl_SI not listed in file index
package ca_ES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package sl_SI not listed in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package LC_MESSAGES not found in file index
package Indianapolis not listed in file index
package Indianapolis not listed in file index
package Nicosia not listed in file index
package Indianapolis not listed in file index
package Indianapolis not listed in file index
package Nicosia not listed in file index
package Indianapolis not listed in file index
package Indianapolis not listed in file index
package Nicosia not listed in file index
execution of glibc-devel-2.1.3-19 script failed, exit status 0

I am now well and truly screwed.  I can run ls, but ls -l fails with a
"Segmentation fault" as do many other commands, so I can't even look to
see if I've got any zero length lib files.

I am (I was) running:

Red Hat Linux release 6.2 (Zoot)
Kernel 2.2.16-3 on an i686

Any suggestions?

	thanks,
	bob


---------------------------------------------------------------------
Bob Manson                                        Phone (416)978-5898
Systems Administrator, ECF                        Fax   (416)978-7320
University of Toronto                      email  bob@ecf.utoronto.ca
Toronto, Canada M5S 1A4                       or  bob@ecf.toronto.edu

"It is preferable not to travel with a dead man."   --- Henri Michaux

home	help	back	first	fref	pref	prev	next	nref	lref	last	post
[16539] in bugtraq

Re: UNIX locale format string vulnerability

daemon@ATHENA.MIT.EDU (Bob Manson)Mon Sep 4 18:07:06 2000

daemon@ATHENA.MIT.EDU (Bob Manson)
Mon Sep 4 18:07:06 2000
