[2942] in bugtraq
Re: identd hole?
daemon@ATHENA.MIT.EDU (Jacob Langseth)
Tue Jul 16 16:15:40 1996
Date: Tue, 16 Jul 1996 15:28:59 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Jacob Langseth <jacob@esisys.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
>running on several Slackware 3.0 machines (all of the vulnerabilities that
>I am aware of are fixed on those, but this one is new for me).
Are you absolutely certain that you have a) replaced in.telnetd w/ a
fixed version or b) have a statically compiled wrapper around /bin/login
to clean the environment of unwanted variables? The description of the
attack leads me to strongly beleive he's attacking w/ the LD_PRELOAD bug.
Curious,
Jacob
--
Jacob Langseth -=-finger for PGP key-=-
Enhanced Systems, Inc. email: jacob@esisys.com
6961 PeachTree Ind Blvd voice: (770) 662-1504 ext. 684
Norcross, GA 30092 fax: (770) 662-1537
