Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Glibc Local Root Exploit
From: Matt Zimmerman <mdz () CSH RIT EDU>
Date: Thu, 11 Jan 2001 10:22:33 -0500

On Wed, Jan 10, 2001 at 05:53:03PM -0800, Ben Greenbaum wrote:

Summary of responses:

From: Jag <agrajag () linuxpower org>

On Wed, 10 Jan 2001, Thomas T. Veldhouse wrote:
This does not happen on my machine using glibc-2.2 and openssh-2.3.0p1
following your example.
I have reproduced it with glibc-2.2 and openssh-2.3.0p1  The key is that
you must actually ssh to a valid host.  If ssh can't resolve the host,
it won't display the contents of the file.

This is not true.  host.conf file is read _before_ the actual query takes
place, as its options affect how the query is done.  It does not matter what
hostname is passed to the resolver.

 - mdz

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]