Linux distributions and /bin/login overflow (fwd)

Hi, This mail was published on Bugtraq. I cannot confirm the issue on SuSE 7.0, but I have some elder versions running but not tested. Is this issue limited to console access? It seems that SSHD does not UseLogin by default. It seems a local privilege problem, is that correct? Do I have to worry? Can the SysV options disabled in some config file? Thank you! oki, Steffen ----- Forwarded message from Anton Rager ----- X-AntiVirus: scanned for viruses by AMaViS 0.2.0-pre6 (http://aachalon.de/AMaViS/) X-Note: Not addressed to me personaly. X-Note: Free (web) email service used. From: Anton Rager To: bugtraq@securityfocus.com Subject: Linux distributions and /bin/login overflow Date: Wed, 19 Dec 2001 15:04:59 -0800 (PST) Hello, It seems that while Redhat Linux and Caldera Linux distributions are immune to the recent /bin/login environ overflow, other Linux distributions are not. Several Linux distributions install /bin/login with SysV login options enabled. Slackware 8.0 and lower [tested with 8.0, 4.0, 3.3] has SysV options enabled with /bin/login and is vulnerable. SuSE 6.1 has SysV options enabled with /bin/login and is vulnerable. I don't have a newer SuSE release, so others will need to verify. It would seem logical that SuSE 8.3 still includes the SysV login options enabled, and is probably vulnerable as well. Other distributions should be checked as well. A quick way to check for SysV option capabilities is to type "login", then enter "root testenv1=test" at the login: prompt. Supply your root passwd, and look for "testenv1" in the output of set. If it's set, then your copy of /bin/login supports SysV options.....and is probably vulnerable. Follow similar procedure to find overflow possibility/specifics ;) Regards, Anton Rager a_rager@yahoo.com __________________________________________________ Do You Yahoo!? Check out Yahoo! Shopping and Yahoo! Auctions for all of your unique holiday gifts! Buy at http://shopping.yahoo.com or bid at http://auctions.yahoo.com ----- End forwarded message ----- -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.