whatever happened with glibc bug?
jan.listbox at belvento.org
Tue Nov 28 19:11:58 PST 2000
Thanks, Jeremy, for the info; tis much appreciated! :o)
linux-security at securityportal.com looks like a great resource.
On Monday 27 November 2000 14:36, "J. Jones"@darkside.dynup.net,
jdj at darkside.dynup.net wrote:
> There were two patches that I was aware of, never officially released
> though. Most distro's made patches off the cvs version that the
> updates were applied to. Best place to get them =
> These patches fixed one locale hole, but a _local_ user can still
> exploit it, and su is still exploitable after these patches.
> AFAIK, glibc 2.2 corrects at _least_ these holes. I found it quite
> disturbing that simply changing the language, and setting a few tricky
> environment variables, my box could be rooted. These particular bugs
> in glibc 2.1.3 were responsible for a _large_ amount of exploits in
> other packages (syslogd for one).
> If you are looking for a good linux security mailing list, you _must_
> try securityportal.com's linux-security mailing list. I have not found
> one faster or more thourough.
> mail to linux-security at listserv.securityportal.com subject subscribe
====== jan.listbox at belvento.org wrote:
> Remember the glibc bug(s) announced beginning of September? I was just
> curious whether or not there were any patches to be applied... Maybe it
> was on the list? If so, I missed it.
> Any thoughts out there..?
More information about the lfs-security