Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1996_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1996: Re: Vulnrability in all known Linux distributions

Re: Vulnrability in all known Linux distributions

Thomas Quinot (thomascuivre.fdn.fr)
Wed, 21 Aug 1996 12:50:22 GMT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Seven Up: "BUG in /bin/bash"
Previous message: Shaun Lowry: "Privilege (was Re: libresolv+ bug)"
Maybe in reply to: bloodmask: "Vulnrability in all known Linux distributions"

Alan Brown (alanmanawatu.planet.org.nz) écrit :

> > The problem in this case happens to be in the libc implementation of
> > realpath(), so I plan to post a patch against libc 5.3.12 shortly as well, and
> The current libc is 5.3.18, a patch against this would be better. :)

It might be worthwhile noting that a mount linked against GNU libc
(future libc 6) is _not_ vulnerable to this attack (presumably GNU libc
has a correct realpath()).

--
      Thomas.QuinotCuivre.FdN.FR       <URL:http://Web.FdN.FR/~tquinot/>

Next message: Seven Up: "BUG in /bin/bash"
Previous message: Shaun Lowry: "Privilege (was Re: libresolv+ bug)"
Maybe in reply to: bloodmask: "Vulnrability in all known Linux distributions"