Glibc Local Root Exploit (fwd)
Pekka Savola
pekkas at netcore.fi
Fri Jan 12 03:27:56 EST 2001
On Thu, 11 Jan 2001 mouring at etoh.eviladmin.org wrote:
> Hmm.. What a wonderful way to start my morning. I can sure confirm that
> OpenSSH's ssh w/ RESOLV_HOST_CONF set to /etc/shadow works great for
> pulling up passwords on Redhat 7.0/intel (glibc 2.2).
>
> I guess I should be thankful I don't run a shell server.
>
> Wonder if NSA's involvement in Linux will improve it. <sigh>
Luckily enough this isn't OpenSSH specific; you can do this with ~any
setuid application that doesn't drop privileges soon enough.
However, ping and traceroute in RHL7 do though.
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords