[17638] in bugtraq
Re: RedHat 7.0 (and SuSE): modutils + netkit = root compromise.
daemon@ATHENA.MIT.EDU (Wichert Akkerman)
Mon Nov 13 18:16:29 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id: <20001113182350.A27244@cs.leidenuniv.nl>
Date: Mon, 13 Nov 2000 18:23:50 +0100
Reply-To: Wichert Akkerman <wichert@CISTRON.NL>
From: Wichert Akkerman <wichert@CISTRON.NL>
X-To: Keith Owens <kaos@OCS.COM.AU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <1841.974112019@ocs3.ocs-net>; from kaos@OCS.COM.AU on Mon,
Nov 13, 2000 at 09:40:19PM +1100
Previously Keith Owens wrote:
> This bug was introduced to modutils in March 12 1999, it does not
> affect modutils 2.1.121. modprobe tries echo as the last ditch file
> expansion method, using popen. There is no good reason to do that.
It also does not affect version 2.3.11, which also mean that Debian
potato is not vulnerable.
Wichert.
--
_________________________________________________________________
/ Generally uninteresting signature - ignore at your convenience \
| wichert@liacs.nl http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
