Matt Zimmerman wrote:
>
> On Thu, Jan 11, 2001 at 01:42:52AM +0200, Ari Saastamoinen wrote:
>
> > On Wed, 10 Jan 2001, Pedro Margate wrote:
> >
> > > install the ssh binary as suid root by default. This can be disabled
> > > during configuration or after the fact with chmod. I believe that would
Simon Cozens <[EMAIL PROTECTED]> writes:
> And a patch. Yeah, it's pretty obvious, but nobody's produced it yet.
Your patch doesn't include the HOSTALIASES fix (which is
security-related as well):
Index: sysdeps/generic/unsecvars.h
===
On Wed, 10 Jan 2001, Digital Overdrive wrote:
> [Credits to ^herman^ in #hit2000 on ircnet]
> A temp. solution is to place this in /etc/services:
Erm, you mean /etc/profile?
> declare -r RESOLV_HOST_CONF
>
> jan@flits102-93:~$ export RESOLV_HOST_CONF=/etc/shadow
> bash: RESOLV_HOST_CONF: reado
-BEGIN PGP SIGNED MESSAGE-
Hash: RIPEMD160
Greetings.
Tested this on a SuSE 7.0 standard install
not vulnerable
I thought I'd contribute this, since I had the box standing around and some
might be interested in it.
Cheers
- --
Si vis pacem, para bellum
-BEGIN PGP SIGNATURE-
Ver
On Thu, Jan 11, 2001 at 01:42:52AM +0200, Ari Saastamoinen wrote:
> On Wed, 10 Jan 2001, Pedro Margate wrote:
>
> > install the ssh binary as suid root by default. This can be disabled
> > during configuration or after the fact with chmod. I believe that would
>
> That exploit can use any sui
On Wed, Jan 10, 2001 at 05:53:03PM -0800, Ben Greenbaum wrote:
> Summary of responses:
>
> --
> From: Jag <[EMAIL PROTECTED]>
>
> On Wed, 10 Jan 2001, Thomas T. Veldhouse wrote:
> > This does not happen on my machine using glibc-2.2 and openssh-2.3.0p1
> > follow
Hopefully the BUGTRAQ moderators will catch and delete my first message.
This one has a little more detail.
> --
> From: Joseph Nicholas Yarbrough <[EMAIL PROTECTED]>
>
> I am unable to reproduce this using slackware 7.1(glibc2.1.3).
> What ver
And a patch. Yeah, it's pretty obvious, but nobody's produced it yet.
Of course, it'll take you forever to *compile* the thing. :)
--- sysdeps/generic/unsecvars.h~Wed Jan 10 23:37:09 2001
+++ sysdeps/generic/unsecvars.h Wed Jan 10 23:37:20 2001
@@ -5,7 +5,7 @@
"LOCPATH",
Pedro Margate wrote:
>
> The implementations of ssh that I'm familiar with (ssh and OpenSSH)
> install the ssh binary as suid root by default. This can be disabled
> during configuration or after the fact with chmod. I believe that would
> prevent this exploit from operating. I've turned off th
Thanks to everyone who replied to my post regarding ssh, although all that
was necessary was to simply smack me upside the head with a manual or FAQ.
(You don't have to anymore, I already did that myself)
To summarize what I have learned:
- ssh is suid root so that it can bind to low-numbered po
Pedro Margate said the following on Wed, Jan 10, 2001 at 01:40:39PM -0500,
> The implementations of ssh that I'm familiar with (ssh and OpenSSH)
> install the ssh binary as suid root by default. This can be disabled
> during configuration or after the fact with chmod. I believe that would
> prev
In bash, simplest way to discourage idiots who are going to do this is
to put the following in /etc/bashrc or /etc/profile (if you use Bash, I
don't know about tcsh or the others):
readonly RESOLV_HOST_CONF=""
It's not fool-proof, and won't last long, and definitely won't stop those
intent on doing
Charles Stevenson wrote:
>
> Hi all,
> This has been bouncing around on vuln-dev and the debian-devel lists. It
> affects glibc >= 2.1.9x and it would seem many if not all OSes using these
> versions of glibc. Ben Collins writes, "This wasn't supposed to happen, and
> the actual fix was a missin
On Wed, 10 Jan 2001, Charles Stevenson wrote:
> Hi all,
> This has been bouncing around on vuln-dev and the debian-devel lists. It
> affects glibc >= 2.1.9x and it would seem many if not all OSes using these
> versions of glibc. Ben Collins writes, "This wasn't supposed to happen, and
> the act
ssh is installed SUID root so that you can use RHOSTS authentication.
Like rlogin and rsh, rhosts authentication only succeeds if the remote
connection was opened on a privileged port, that is, under 1024 (the
protocols may be more specific than that).
The theory is that if a remote machine conne
On Wed, 10 Jan 2001, Pedro Margate wrote:
> install the ssh binary as suid root by default. This can be disabled
> during configuration or after the fact with chmod. I believe that would
That exploit can use any suid root program which resolves host names. (For
example ping and traceroute) So
Charles Stevenson wrote:
>
> Hi all,
> This has been bouncing around on vuln-dev and the debian-devel lists. It
> affects glibc >= 2.1.9x and it would seem many if not all OSes using these
> versions of glibc. Ben Collins writes, "This wasn't supposed to happen, and
> the actual fix was a missin
on 1/10/01 1:34 PM, KraZee . at [EMAIL PROTECTED] wrote:
> Hello, I run a few slackware boxes and I've tested this vulnerability. Is
> there a patch? I haven't seen any vendor patches for this problem yet. I'm
> also wondering if this hole is only limited to suids that use environmental
> variabl
Summary of responses:
--
From: Jag <[EMAIL PROTECTED]>
On Wed, 10 Jan 2001, Thomas T. Veldhouse wrote:
> This does not happen on my machine using glibc-2.2 and openssh-2.3.0p1
> following your example.
I have reproduced it with glibc-2.2 and openssh-2.3.0p1 The k
Greetings,
The implementations of ssh that I'm familiar with (ssh and OpenSSH)
install the ssh binary as suid root by default. This can be disabled
during configuration or after the fact with chmod. I believe that would
prevent this exploit from operating. I've turned off the suid bit on
every
This does not happen on my machine using glibc-2.2 and openssh-2.3.0p1
following your example.
Tom Veldhouse
[EMAIL PROTECTED]
- Original Message -
From: "Charles Stevenson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 10, 2001 1:06 AM
Sub
On Wed, Jan 10, 2001 at 12:06:48AM -0700, Charles Stevenson wrote:
> Hi all,
> This has been bouncing around on vuln-dev and the debian-devel lists. It
> affects glibc >= 2.1.9x and it would seem many if not all OSes using these
> versions of glibc. Ben Collins writes, "This wasn't supposed to h
Hi all,
This has been bouncing around on vuln-dev and the debian-devel lists. It
affects glibc >= 2.1.9x and it would seem many if not all OSes using these
versions of glibc. Ben Collins writes, "This wasn't supposed to happen, and
the actual fix was a missing comma in the list of secure env var