Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: A few bugs...
From: okir () MONAD SWB DE (Olaf Kirch)
Date: Mon, 20 Sep 1999 11:14:41 +0200

On Fri, Sep 17, 1999 at 02:23:48PM -0500, Tymm Twillman wrote:

- Glibc 2.1.1:

  o unsetenv() off-by-one error:
     The unsetenv function in glibc 2.1.1 suffers from a problem whereby
     when running through the environment variables, if the name of the
     variable being unset is present twice consecutively, the second is
     not destroyed.

     unsetenv is sometimes used by programs that depend on it clearing out
     variables for protection against evil environment variables.


In particular, by ld.so. While this hole doesn't affect setuid programs
themselves, it means that programs run by the setuid application can be
fooled into using the LD_* variables.

Olaf

--
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir () monad swb de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir () caldera de    +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]