[18592] in bugtraq
Re: Glibc Local Root Exploit
daemon@ATHENA.MIT.EDU (Jeffrey Denton)
Fri Jan 12 16:37:00 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.31.0101101957320.1372-100000@wookie.c2i2.com>
Date: Wed, 10 Jan 2001 20:05:23 -0700
Reply-To: Jeffrey Denton <dentonj@C2I2.COM>
From: Jeffrey Denton <dentonj@C2I2.COM>
X-To: Ben Greenbaum <bgreenbaum@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.GSO.4.30.0101101741160.531-100000@mail>
Hopefully the BUGTRAQ moderators will catch and delete my first message.
This one has a little more detail.
> ------------------------------------------------------
> From: Joseph Nicholas Yarbrough <nyarbrough@lurhq.com>
>
> I am unable to reproduce this using slackware 7.1(glibc2.1.3).
> What version of slackware were these "others" reporting positive results from?
>
"slackware-current", Slackware's developers release, uses glibc2.2 and is
vulnerable. After that variable is set, the only two commands I was able
to find that exploited this bug and returned the shadow file are ssh and
traceroute:
$ ssh localhost
$ traceroute localhost
They do not work if the suid bit is removed.
This does not affect any of Slackware's stable releases.
dentonj