OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 3rd quarter (Jul-Sep) 1996: Re: Vulnrability in all known Linux distributions

Re: Vulnrability in all known Linux distributions

Thomas Quinot (thomascuivre.fdn.fr)
Wed, 21 Aug 1996 12:50:22 GMT

Alan Brown (alanmanawatu.planet.org.nz) écrit :

> > The problem in this case happens to be in the libc implementation of
> > realpath(), so I plan to post a patch against libc 5.3.12 shortly as well, and
> The current libc is 5.3.18, a patch against this would be better. :)

It might be worthwhile noting that a mount linked against GNU libc
(future libc 6) is _not_ vulnerable to this attack (presumably GNU libc
has a correct realpath()).

--
      Thomas.QuinotCuivre.FdN.FR       <URL:http://Web.FdN.FR/~tquinot/>