> At least one vendor has chosen to include a new /bin/login with their
> telnetd patch. At least one vendor is shipping a patch with a new
> telnetd, but without a new /bin/login.
>
> I gather another advisory may be forthcoming for another, related
> hole, this time in /bin/login.
>
> Can somebody name that hole?

CERT released something on the fact that login was not statically linked about 8 months ago, and was vulnerable to this hole. Of course login isn't the only thing that this can happen to, statically linked httpd, or anything that binds a port (most OSes honor the suid thing, where if a program is suid or sgid it won't use the user env vars for libs, but when you telnet in, you go in as root, and that changes).