glibc in unstable has a security hole. – Debian Planet

    glibc in unstable has a security hole.
    Submitted by ressu on Thursday, January 11, 2001 – 11:44
    This is a late warning for all the users that run unstable but don't scan bugtraq, debian-devel or any other major lists. glibc in unstable has a security hole that allows anyone to read almost any file. A new glibc is in incoming (or was this morning); update your system ASAP.


    Subject: Re: glibc in unstable has a security hole.
    Author: Anonymous
    Date: Thursday, 2001/01/11 – 19:17
    How about pointers to bugtraq, etc. regarding the bug, severity, etc. Is it a local or remote exploit?

    Subject: Re: glibc in unstable has a security hole.
    Author: Anonymous
    Date: Thursday, 2001/01/11 – 21:53

    Link to bugtraq

    Anyway, this seems to be the problem:


    A problem in versions of glibc 2.1.9 and greater allows a local user access to restricted files. A typo in the glibc source creates a situation of insufficient validation and clearing of the environment variable RESOLV_HOST_CONF, a controlled environment variable that is normally cleared when suid/sgid programs are executed. Therefore, it is possible for a local user to set this environment variable to a sensitive system file and gain read privileges to the file. This vulnerability makes it possible for a user with malicious intent to read the shadow file, and gain access to encrypted passwords. Successful exploitation of this vulnerability could lead to compromise of system accounts, elevated privileges, and potentially administrative access.
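The failure mode described in the advisory text above, as an added example that is not part of the original comment and is not glibc's code: a privileged program scrubs its environment against a list of names, and one misspelled entry leaves RESOLV_HOST_CONF in place. The list contents and the misspelling RESOLV_HOST_CONV are constructed for illustration; the page does not say what the actual typo was.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for setenv()/unsetenv() */
#endif
#include <stdio.h>
#include <stdlib.h>

/* Variables a suid/sgid process must never inherit (constructed list;
   RESOLV_HOST_CONF is the one named in the advisory). */
static const char *const must_clear[] = {
    "LD_LIBRARY_PATH", "LOCALDOMAIN", "RESOLV_HOST_CONF", NULL
};

/* Scrub list with a constructed misspelling (hypothetical, not glibc's). */
static const char *const scrub_typo[] = {
    "LD_LIBRARY_PATH", "LOCALDOMAIN", "RESOLV_HOST_CONV", NULL
};

/* The same list with the name spelled correctly. */
static const char *const scrub_fixed[] = {
    "LD_LIBRARY_PATH", "LOCALDOMAIN", "RESOLV_HOST_CONF", NULL
};

/* Remove every listed name from the process environment. A name that
   matches nothing is silently ignored, which is why a typo goes unnoticed. */
static void scrub_env(const char *const *list)
{
    for (; *list != NULL; list++)
        unsetenv(*list);
}

/* Regression check: plant a canary in every must_clear variable, run the
   scrub, and count how many canaries are still visible afterwards. */
int count_survivors(const char *const *scrub_list)
{
    int survivors = 0;
    for (const char *const *n = must_clear; *n != NULL; n++)
        setenv(*n, "canary", 1);
    scrub_env(scrub_list);
    for (const char *const *n = must_clear; *n != NULL; n++)
        if (getenv(*n) != NULL) { survivors++; unsetenv(*n); }
    return survivors;
}

int main(void)
{
    printf("typo list:  %d survivor(s)\n", count_survivors(scrub_typo));
    printf("fixed list: %d survivor(s)\n", count_survivors(scrub_fixed));
    return 0;
}
```

A check of this shape, run in a build's test suite, catches a misspelled scrub-list entry before release because the canary for the affected variable survives.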


    Subject: Re: glibc in unstable has a security hole.
    Author: ressu
    Date: Friday, 2001/01/12 – 15:54
    Yup… sorry about not looking up on this…

    although.. I assumed that those who are interested would have already seen it..

    my mistake.. I will work on not doing it again…
