GEN:SID | 1:714 |
Message | TELNET resolv_host_conf |
Summary | The RESOLV_HOST_CONF variable is being manipulated on your Telnet host.
|
Impact | Elevated priviledges (file reads).
|
Detailed Information | The RESOLV_HOST_CONF variable, used by suid and sgid applications, isn't properly validated in some versions of glibc. As a result, an attacker can use an suid or sgid root program to gain access to files they're not supposed to have.
|
Affected Systems | UNIX systems with unpatched glibc 2.1.x or 2.2.x implementations.
|
Attack Scenarios | Attacker sets the RESOLVE_HOST_CONF variable to the filename of any protected file (for example, /etc/shadow), and then runs an suid or sgid root program. The contents of the protected file are then echoed to the console in a series of error messages.
|
Ease of Attack | Simple.
|
Corrective Action | Install the latest vendor-supplied glibc implementation.
|
Additional References | Arachnids: http://www.whitehats.com/info/IDS369
Bugtraq: http://www.securityfocus.com/bid/2181
|
Rule References | arachnids: 369
bugtraq: 2181
cve: 2001-0170
|