Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
SECURITY ALERT (libresolv+ bug)Jared Mauch (jaredpuck.nether.net)
Fri, 16 Aug 1996 09:03:19 -0400
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Tracy R. Reed: "Re: Tracking tools?"
- Previous message: der Mouse: "Re: Tracking tools?"
----- Forwarded message from Myles Uyema ----- >From mylesnether.net Fri Aug 16 00:18:31 1996 Date: Thu, 15 Aug 1996 18:18:13 -1000 (HST) From: Myles Uyema <mylesnether.net> X-Sender: mylesmicron.intra.network To: Jared Mauch <jaredpuck.nether.net> Subject: SECURITY ALERT Message-ID: <Pine.LNX.3.95.960815181521.10074A-100000micron.intra.network> -- Start of PGP signed section. You've probably been informed about this or read about the libresolv+ bug. Any suid-root binaries should be stripped if they use any of the resolv routines. Vulnerable utilities are: ping, traceroute, ssh. Remove their global execution priveledges. A common exploit: export RESOLV_HOST_CONF=/etc/shadow ; ping asdf Myles Uyema mylesnether.net [finger uyemanether.net for PGP public key] -- End of PGP signed section. ----- End of forwarded message from Myles Uyema -----