Joel Klecker <[EMAIL PROTECTED]> writes:

> At 19:42 -0800 1999-02-07, Paul Vojta wrote:
> >Folks:
> >
> >When checking the security of my system, I found that it is vulnerable
> >to the following standard attack (in tcsh syntax):
> >
> >    env RESOLV_HOST_CONF=/etc/shadow /usr/sbin/traceroute foobar
> > or env RESOLV_HOST_CONF=/etc/shadow fping foobar
> >
> >This allows the user to read any (text) file on the system.
>
> I have a Debian diff including a patch for this, someone simply needs
> to compile and upload it. All that needs to be done is fix the
> debian/changelog (by that I mean the -- line, I give permission to
> use the -2 revision to whomever uploads this) and dpkg-buildpackage.
>
> http://www.debian.org/%7Eespy/glibc-pre2.1_2.0.105-2.dsc
> http://www.debian.org/%7Eespy/glibc-pre2.1_2.0.105-2.diff.gz

This has been compiled and uploaded. (As I said, I removed the
hardcoded "sparc" distribution - it must have been a mistake from the
last version I uploaded that you didn't catch.)

Steve
[EMAIL PROTECTED]
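
An added example, not part of this thread and not the Debian patch (which the messages do not show): a general C hardening pattern for set-uid programs like the ones named above, in which environment overrides such as RESOLV_HOST_CONF are ignored and removed when the real and effective IDs differ. The function names and the short variable list are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed list for illustration: variables that redirect resolver
   file lookups. RESOLV_HOST_CONF is the one named in this thread. */
static const char *const UNSAFE_VARS[] = {
    "RESOLV_HOST_CONF", "HOSTALIASES", "LOCALDOMAIN", "RES_OPTIONS",
};
#define DEFAULT_HOST_CONF "/etc/host.conf"

/* True when the process IDs differ from the invoking user's, i.e. the
   program was started from a set-uid or set-gid binary. */
int runs_privileged(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Remove caller-controlled overrides before any library code reads them.
   Returns the number of variables that were present and removed. */
int scrub_unsafe_env(int privileged)
{
    int removed = 0;
    if (!privileged)
        return 0;
    for (size_t i = 0; i < sizeof UNSAFE_VARS / sizeof UNSAFE_VARS[0]; i++) {
        if (getenv(UNSAFE_VARS[i]) != NULL && unsetenv(UNSAFE_VARS[i]) == 0)
            removed++;
    }
    return removed;
}

/* Path the host configuration is read from: the override only when unprivileged. */
const char *host_conf_path(int privileged)
{
    const char *override = privileged ? NULL : getenv("RESOLV_HOST_CONF");
    return (override != NULL && *override != '\0') ? override : DEFAULT_HOST_CONF;
}

int main(void)
{
    int priv = runs_privileged(getuid(), geteuid(), getgid(), getegid());
    scrub_unsafe_env(priv);
    printf("privileged=%d host.conf=%s\n", priv, host_conf_path(priv));
    return 0;
}
```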

