Hopefully the BUGTRAQ moderators will catch and delete my first message.
This one has a little more detail.
> ------------------------------------------------------
> From: Joseph Nicholas Yarbrough <[EMAIL PROTECTED]>
>
> I am unable to reproduce this using slackware 7.1(glibc2.1.3).
> What version of slackware were these "others" reporting positive results from?
>
"slackware-current", Slackware's developers release, uses glibc2.2 and is
vulnerable. After that variable is set, the only two commands I was able
to find that exploited this bug and returned the shadow file are ssh and
traceroute:
$ssh localhost
$traceroute localhost
They do not work if the suid bit is removed.
This does not effect any of Slackware's stable releases.
dentonj
