[2418] in bugtraq
Re: telnetd hole, and related /bin/login problem?
daemon@ATHENA.MIT.EDU (Bret McDanel)
Thu Nov 23 15:48:26 1995
Date: Wed, 22 Nov 1995 16:13:03 GMT
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Bret McDanel <bret@real.com>
X-To: BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
> At least one vendor has chosen to include a new /bin/login with their
> telnetd patch. At least one vendor is shipping a patch with a new
> telnetd, but without a new /bin/login.
>
> I gather another advisory may be forthcoming for another, related
> hole, this time in /bin/login.
>
> Can somebody name that hole?
>
Cert released something on the fact that login was not statically linked
about 8 months ago, and was vunerable to this hole..
Of course login isnt the only thing that this can happen, statically linked
httpd, or anything that binds a port (most OS's honor the suid thing, where if
a program is suid or sgid it wont use the user env vars for libs, but when
you telnet in, you go in as root, and that changes)..
