From david@xmen.wolvie.com Thu Aug 15 13:42:07 1996 Received: from xmen.wolvie.com (david@wolvie.com [206.210.65.111]) by suburbia.net (8.7.4/Proff-950810) with ESMTP id NAA05594 for ; Thu, 15 Aug 1996 13:41:25 +1000 Received: (from david@localhost) by xmen.wolvie.com (8.7.5/8.6.9) id XAA11777; Wed, 14 Aug 1996 23:23:07 -0400 Date: Wed, 14 Aug 1996 23:23:06 -0400 (EDT) From: David Kelly To: best-of-security@suburbia.net Subject: Re: BoS: Wide spread resolv+ bugs In-Reply-To: <199608142328.JAA21236@suburbia.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII On Thu, 15 Aug 1996, Julian Assange wrote: > $ export RESOLV_HOST_CONF=/etc/shadow > $ rlogin thepopeneverlikedbadgersanywaymate > > Linux is prone to this. Solaris/Sunos does not appear to be. FreeBSD is > not. But thats ok, they make up for it with NLS/Locale, which is a far, far > bigger problem. --- OSF/1 doesn't seem to be vulnerable either. Does anyone know if there are patches available to fix this for linux? Also, could you please explain why NLS/Locale is a far, far bigger problem? Thanks, David