[17881] in bugtraq
Re: A working glibc LANGUAGE xploit
daemon@ATHENA.MIT.EDU (Ben Collins)
Fri Dec 1 13:23:15 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID: <20001130212551.V20517@visi.net>
Date: Thu, 30 Nov 2000 21:25:51 -0500
Reply-To: Ben Collins <bcollins@DEBIAN.ORG>
From: Ben Collins <bcollins@DEBIAN.ORG>
X-To: William Cordis <whcordis@SOUTHERN.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20001130195138.20975.qmail@securityfocus.com>; from
whcordis@SOUTHERN.EDU on Thu, Nov 30, 2000 at 07:51:38PM -0000
On Thu, Nov 30, 2000 at 07:51:38PM -0000, William Cordis wrote:
> >Tested on: Red Hat 6.2, 6.1
> > SuSE 6.2
>
> Failed to work on Debian Gnu/Linux Potato (2.2r1).
> The Stock version of Potato (2.2) should be
> vulnerable but I don't have a box running that
> version to test since all the ones I'm using are
> kept up to date with the latest security patches.
> The bug was reported to be fixed with
> glibc-2.1.3-12 (August 31) which is a security
> update and incorporated into 2.2r1.
2.2 was vulnerable, but obviously we fixed it, and announced that fix, and
it was incorporated in 2.2r1.
--
-----------=======-=-======-=========-----------=====------------=-=------
/ Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \
` bcollins@debian.org -- bcollins@openldap.org -- bcollins@linux.com '
`---=========------=======-------------=-=-----=-===-======-------=--=---'
