Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Glibc Local Root Exploit (summary)
From: Pedro Margate <pedro () ECLIPSE NET>
Date: Wed, 10 Jan 2001 18:57:03 -0500

Thanks to everyone who replied to my post regarding ssh, although all that
was necessary was to simply smack me upside the head with a manual or FAQ.
(You don't have to anymore, I already did that myself)

To summarize what I have learned:

- ssh is suid root so that it can bind to low-numbered ports, allowing it
to work using .shosts or .rhosts authentication.

- glibc is the real problem, not ssh.  Any suid program that uses the
resolver would be affected by this exploit.  This should have been obvious
to me.

Sorry for my hastily written post.  It just goes to show that haste makes,
well, you know...


  By Date           By Thread  

Current thread:
  • Re: Glibc Local Root Exploit (summary) Pedro Margate (Jan 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]