Bugtraq mailing list archives
Re: Glibc Local Root Exploit (summary)
From: Pedro Margate <pedro () ECLIPSE NET>
Date: Wed, 10 Jan 2001 18:57:03 -0500
Thanks to everyone who replied to my post regarding ssh, although all that was necessary was to simply smack me upside the head with a manual or FAQ. (You don't have to anymore, I already did that myself) To summarize what I have learned: - ssh is suid root so that it can bind to low-numbered ports, allowing it to work using .shosts or .rhosts authentication. - glibc is the real problem, not ssh. Any suid program that uses the resolver would be affected by this exploit. This should have been obvious to me. Sorry for my hastily written post. It just goes to show that haste makes, well, you know... Regards, Pedro
Current thread:
- Re: Glibc Local Root Exploit (summary) Pedro Margate (Jan 10)