The debian-private mailing list leak, part 1.

RE: libc6 security holes? (was Re: Buffer Overruns in RedHat 5.0 (fwd))



I tried that example from linux-alert (same bug) but couldn't reproduce
the bug.

Michael

--
Dr. Michael Meskes, Project-Manager    | topsystem Systemhaus GmbH
meskes@topsystem.de                    | Europark A2, Adenauerstr. 20
meskes@debian.org                      | 52146 Wuerselen
Go SF49ers! Go Rhein Fire!             | Tel: (+49) 2405/4670-44
Use Debian GNU/Linux!                  | Fax: (+49) 2405/4670-10

> -----Original Message-----
> From: John Goerzen [SMTP:jgoerzen@southwind.net]
> Sent: Tuesday, December 16, 1997 3:18 PM
> To: security@debian.org
> Subject: libc6 security holes? (was Re: Buffer Overruns in RedHat 5.0 (fwd))
> 
> Check out the below from Bugtraq...  are we vulnerable???
> 
> -- 
> John Goerzen
> Southwind Internet Access, Inc. Technical Support
> Business e-mail: jgoerzen@southwind.net
> 
> Personal e-mail: jgoerzen@complete.org
> Wichita State University e-mail: jgoerzen@cs.twsu.edu
> Developer, Debian GNU/Linux    <http://www.debian.org>
> 
> ---------- Forwarded message ----------
> Date: Sun, 14 Dec 1997 18:54:53 -0700
> From: Wilton Wong - ListMail <listmail@NOVA.BLACKSTAR.NET>
> To: BUGTRAQ@NETSPACE.ORG
> Subject: Re: Buffer Overruns in RedHat 5.0
> 
> Well I have compiled my own ping/traceroute/rsh from the SRPMS and the
> sources of the things don't seem to be the problem, well not that I can
> see anyways.. (looked thru briefly and didn't see any obvious holes)
> 
> I am running the same traceroute on a RH4.8 box and it looks like that one
> isn't vulnerable.. I think the only diff between the programs is one is
> compiled for libc5 and the other glibc2.. I am starting to suspect that
> this could be a library problem and not a problem with the programs..
> 
> An strace shows traceroute gets to opening the resolv lib and then dies.
> 
> A lot of my apps in RH5.0 I can segfault with a long parameter for example
> telnet, but the same app in RH4.8 won't.. plus I'd like to believe that
> people that write setuid programs as simple as ping would see something as
> blatantly obvious as this..
> 
> Oh well another glibc "feature" I guess..
> 
> btw: has anyone gotten the non-stack exec + symlink security fixes
> incorporated in their RH5.0 box ? I tried it once without trampolines and
> init wouldn't even run, I tried again this time allowing trampolines and
> most programs ran with the exception of some X things like xv.. looks like
> trampolines exist in the glibc2 =(
> 
> -------------------------------------------------------------------------
>    Wilton Wong                                BlackStar Communications
>    URL: http://www.blackstar.net                     16121 - 57 Street
>    Email: wwong@blackstar.net                      Edmonton AB T5Y 2T1
>    Tel: (403) 486-7783                             Fax: (403) 484-6004
> -------------------------------------------------------------------------
> 
> On Sun, 14 Dec 1997, Phillip R. Jaenke wrote:
> 
> > >Just going through some setuid things and noticed that in RedHat 5.0 you
> > >can overrun the buffers in /bin/ping and /usr/sbin/traceroute, I attached
> > >an exploit for traceroute nothing fancy just what I had to test it with
> > >simple eggshell.
> > > looks like these are also vulnerable to buffer overruns, /usr/bin/rlogin
> > > /usr/bin/rsh
> > > Sorry if this has been mentioned before..
> >
> > Wilton;
> >
> > It hasn't. And I can already think of several workarounds.
> >
> > One is to compile your own ping, traceroute, rlogin, and rsh.
> > The other is to drop back to ping/traceroute/rlogin/rsh from RH4.2, or
> > 4.9.1, which is not vulnerable, AFAIK.
> >
> > I'm going to pass this email on to RedHat so we can get a 'real' fix soon.
> >
> > -prj
> >
> >
> 
> 
> --
> TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
> debian-private-request@lists.debian.org . 
> Trouble?  e-mail to templin@bucknell.edu .
