Re: telnetd hole, and related /bin/login problem?

Bret McDanel (bret@real.com)
Wed, 22 Nov 1995 16:13:03 GMT

> At least one vendor has chosen to include a new /bin/login with their
> telnetd patch.  At least one vendor is shipping a patch with a new
> telnetd, but without a new /bin/login.
>
> I gather another advisory may be forthcoming for another, related
> hole, this time in /bin/login.
>
> Can somebody name that hole?
>
CERT released something on the fact that login was not statically linked
about 8 months ago, and was vulnerable to this hole.

Of course login isn't the only thing that this can happen to: statically linked
httpd, or anything that binds a port (most OS's honor the suid thing, where if
a program is suid or sgid it won't use the user env vars for libs, but when
you telnet in, you go in as root, and that changes).
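
Added example, not part of the original post and not any vendor's patch: a sketch of the environment filtering a root-owned daemon such as telnetd can apply to client-supplied variables before it execs /bin/login. At that point login is not running set-uid, so the loader's set-uid protection described above does not apply. The function name `scrub_env`, the prefix list and the sample values are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed deny-list of variables that influence the dynamic loader or
 * shell parsing; real systems may need a longer list, or an allow-list. */
static const char *const unsafe_prefixes[] = {
    "LD_", "_RLD_", "LIBPATH=", "IFS=", NULL
};

static int is_unsafe(const char *entry)
{
    for (size_t i = 0; unsafe_prefixes[i] != NULL; i++) {
        size_t n = strlen(unsafe_prefixes[i]);
        if (strncmp(entry, unsafe_prefixes[i], n) == 0)
            return 1;
    }
    return 0;
}

/* Compact a NULL-terminated environment array in place, dropping unsafe
 * entries. Returns the number of entries removed. */
int scrub_env(char **envp)
{
    char **dst = envp;
    int dropped = 0;

    for (char **src = envp; *src != NULL; src++) {
        if (is_unsafe(*src))
            dropped++;
        else
            *dst++ = *src;
    }
    *dst = NULL;
    return dropped;
}

int main(void)
{
    /* Constructed sample of variables received from a remote client. */
    char *env[] = { "TERM=vt100", "LD_LIBRARY_PATH=/constructed/dir",
                    "DISPLAY=host:0", "LD_PRELOAD=/constructed/lib.so",
                    "_RLD_LIST=/constructed/lib.so", "LDAP_HOST=example",
                    NULL };

    printf("dropped %d entries\n", scrub_env(env));
    for (char **p = env; *p != NULL; p++)
        puts(*p);   /* what would be handed to /bin/login */
    return 0;
}
```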