Re: Glibc Local Root Exploit

2001-01-15 Thread Florian Weimer
Simon Cozens [EMAIL PROTECTED] writes: And a patch. Yeah, it's pretty obvious, but nobody's produced it yet. Your patch doesn't include the HOSTALIASES fix (which is security-related as well): Index: sysdeps/generic/unsecvars.h

Re: Glibc Local Root Exploit

2001-01-15 Thread Andrew Bartlett
Matt Zimmerman wrote: On Thu, Jan 11, 2001 at 01:42:52AM +0200, Ari Saastamoinen wrote: On Wed, 10 Jan 2001, Pedro Margate wrote: install the ssh binary as suid root by default. This can be disabled during configuration or after the fact with chmod. I believe that would That

Re: Glibc Local Root Exploit

2001-01-12 Thread Simon Cozens
And a patch. Yeah, it's pretty obvious, but nobody's produced it yet. Of course, it'll take you forever to *compile* the thing. :) --- sysdeps/generic/unsecvars.h~Wed Jan 10 23:37:09 2001 +++ sysdeps/generic/unsecvars.h Wed Jan 10 23:37:20 2001 @@ -5,7 +5,7 @@ "LOCPATH",

Re: Glibc Local Root Exploit

2001-01-12 Thread Jeffrey Denton
Hopefully the BUGTRAQ moderators will catch and delete my first message. This one has a little more detail. -- From: Joseph Nicholas Yarbrough [EMAIL PROTECTED] I am unable to reproduce this using slackware 7.1(glibc2.1.3). What version

Re: Glibc Local Root Exploit

2001-01-12 Thread Matt Zimmerman
On Thu, Jan 11, 2001 at 01:42:52AM +0200, Ari Saastamoinen wrote: On Wed, 10 Jan 2001, Pedro Margate wrote: install the ssh binary as suid root by default. This can be disabled during configuration or after the fact with chmod. I believe that would That exploit can use any suid root

Re Glibc local root exploit

2001-01-12 Thread Darian Lanx
Greetings. Tested this on a SuSE 7.0 standard install: not vulnerable. I thought I'd contribute this, since I had the box standing around and some might be interested in it. Cheers -- Si vis pacem, para bellum

Re: Glibc Local Root Exploit

2001-01-12 Thread Michal Zalewski
On Wed, 10 Jan 2001, Digital Overdrive wrote: [Credits to ^herman^ in #hit2000 on ircnet] A temp. solution is to place this in /etc/services: Erm, you mean /etc/profile? declare -r RESOLV_HOST_CONF jan@flits102-93:~$ export RESOLV_HOST_CONF=/etc/shadow bash: RESOLV_HOST_CONF: readonly

Re: Glibc Local Root Exploit

2001-01-10 Thread Ben Collins
On Wed, Jan 10, 2001 at 12:06:48AM -0700, Charles Stevenson wrote: Hi all, This has been bouncing around on vuln-dev and the debian-devel lists. It affects glibc = 2.1.9x and it would seem many if not all OSes using these versions of glibc. Ben Collins writes, "This wasn't supposed to

Re: Glibc Local Root Exploit

2001-01-10 Thread Thomas T. Veldhouse
This does not happen on my machine using glibc-2.2 and openssh-2.3.0p1 following your example. Tom Veldhouse [EMAIL PROTECTED] - Original Message - From: "Charles Stevenson" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 10, 2001 1:06 AM Subject: Glibc

Re: Glibc Local Root Exploit

2001-01-10 Thread Pedro Margate
Greetings, The implementations of ssh that I'm familiar with (ssh and OpenSSH) install the ssh binary as suid root by default. This can be disabled during configuration or after the fact with chmod. I believe that would prevent this exploit from operating. I've turned off the suid bit on

Re: Glibc Local Root Exploit

2001-01-10 Thread Ben Greenbaum
Summary of responses: -- From: Jag [EMAIL PROTECTED] On Wed, 10 Jan 2001, Thomas T. Veldhouse wrote: This does not happen on my machine using glibc-2.2 and openssh-2.3.0p1 following your example. I have reproduced it with glibc-2.2 and openssh-2.3.0p1 The key

Re: Glibc Local Root Exploit

2001-01-10 Thread Charles Stevenson
on 1/10/01 1:34 PM, KraZee . at [EMAIL PROTECTED] wrote: Hello, I run a few slackware boxes and I've tested this vulnerability. Is there a patch? I haven't seen any vendor patches for this problem yet. I'm also wondering if this hole is only limited to suids that use environmental variables

Re: Glibc Local Root Exploit

2001-01-10 Thread Digital Overdrive
Charles Stevenson wrote: Hi all, This has been bouncing around on vuln-dev and the debian-devel lists. It affects glibc = 2.1.9x and it would seem many if not all OSes using these versions of glibc. Ben Collins writes, "This wasn't supposed to happen, and the actual fix was a missing

Re: Glibc Local Root Exploit

2001-01-10 Thread Ari Saastamoinen
On Wed, 10 Jan 2001, Pedro Margate wrote: install the ssh binary as suid root by default. This can be disabled during configuration or after the fact with chmod. I believe that would That exploit can use any suid root program which resolves host names. (For example ping and traceroute) So

Re: Glibc Local Root Exploit

2001-01-10 Thread Gordon Messmer
ssh is installed SUID root so that you can use RHOSTS authentication. Like rlogin and rsh, rhosts authentication only succeeds if the remote connection was opened on a privileged port, that is, under 1024 (the protocols may be more specific than that). The theory is that if a remote machine

Re: Glibc Local Root Exploit

2001-01-10 Thread Joe
On Wed, 10 Jan 2001, Charles Stevenson wrote: Hi all, This has been bouncing around on vuln-dev and the debian-devel lists. It affects glibc = 2.1.9x and it would seem many if not all OSes using these versions of glibc. Ben Collins writes, "This wasn't supposed to happen, and the actual

Re: Glibc Local Root Exploit

2001-01-10 Thread Digital Overdrive
Charles Stevenson wrote: Hi all, This has been bouncing around on vuln-dev and the debian-devel lists. It affects glibc = 2.1.9x and it would seem many if not all OSes using these versions of glibc. Ben Collins writes, "This wasn't supposed to happen, and the actual fix was a missing

Re: Glibc Local Root Exploit

2001-01-10 Thread Brian
In bash, simplest way to discourage idiots who are going to do this is to put the following in /etc/bashrc or /etc/profile (if you use Bash, I don't know about tcsh or the others): readonly RESOLV_HOST_CONF="" It's not fool-proof, and won't last long, and definitely won't stop those intent on doing

Re: Glibc Local Root Exploit

2001-01-10 Thread Jerry Connolly
Pedro Margate said the following on Wed, Jan 10, 2001 at 01:40:39PM -0500, The implementations of ssh that I'm familiar with (ssh and OpenSSH) install the ssh binary as suid root by default. This can be disabled during configuration or after the fact with chmod. I believe that would prevent

Re: Glibc Local Root Exploit (summary)

2001-01-10 Thread Pedro Margate
Thanks to everyone who replied to my post regarding ssh, although all that was necessary was to simply smack me upside the head with a manual or FAQ. (You don't have to anymore, I already did that myself) To summarize what I have learned: - ssh is suid root so that it can bind to low-numbered