GEN:SID 1:714
Message TELNET resolv_host_conf
Summary The RESOLV_HOST_CONF variable is being manipulated on your Telnet host.
Impact Elevated priviledges (file reads).
Detailed Information The RESOLV_HOST_CONF variable, used by suid and sgid applications, isn't
properly validated in some versions of glibc.  As a result, an attacker
can use an suid or sgid root program to gain access to files they're not
supposed to have.
Affected Systems UNIX systems with unpatched glibc 2.1.x or 2.2.x implementations.
Attack Scenarios Attacker sets the RESOLVE_HOST_CONF variable to the filename of any
protected file (for example, /etc/shadow), and then runs an suid or sgid
root program.  The contents of the protected file are then echoed to the
console in a series of error messages.
Ease of Attack Simple.
Corrective Action Install the latest vendor-supplied glibc implementation.
Additional References Arachnids:
http://www.whitehats.com/info/IDS369

Bugtraq:
http://www.securityfocus.com/bid/2181

Rule References arachnids: 369
bugtraq: 2181
cve: 2001-0170