Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

SECURITY ALERT/FIX: mount on Red Hat Linux

From: sopwith () redhat com (Elliot Lee)
Date: Tue, 13 Aug 1996 13:43:39 -0400

-----BEGIN PGP SIGNED MESSAGE-----

Recently a security hole was found in the mount program that comes with
many Linux distributions, including Red Hat Linux.

mount and umount are normally installed setUID root to allow users to
perform mount and unmount operations. Unfortunately, they do not check the
length of the information passed to them, creating a buffer overflow
problem. For more details, visit the BugTraq mailing-list archives at
http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html

This hole allows anyone with an account on a system to obtain root access.

Affected systems:
        - All systems running all versions of Red Hat Linux.

Users of versions of Red Hat less than 3.0.3 are advised to upgrade to
3.0.3, since many other problems are fixed in the upgrade.

If you are running:
* Red Hat Linux 3.0.3 (Picasso) on the Intel architecture, get
        - ftp://ftp.redhat.com/pub/redhat/redhat-3.0.3/i386/updates/RPMS/
                util-linux-2.5-11fix.i386.rpm
                mount-2.5k-1.i386.rpm
And install them in that order using 'rpm -Uvh [rpm filename]'

* Red Hat Linux 3.0.3 (Picasso) on the Intel architecture, get
        - ftp://ftp.redhat.com/pub/redhat/redhat-3.0.3/axp/updates/RPMS/
                util-linux-2.5-11fix.axp.rpm
                mount-2.5k-1.axp.rpm
And install them in that order using 'rpm -Uvh [rpm filename]'

* Red Hat Linux 3.0.4 (Rembrandt) beta on the Intel, get
        - ftp://ftp.redhat.com/pub/redhat/rembrandt/i386/updates/RPMS/
                mount-2.5k-2.i386.rpm

* Red Hat Linux 3.0.4 (Rembrandt) beta on the Sparc, get
        - ftp://ftp.redhat.com/pub/redhat/rembrandt/sparc/updates/RPMS/
                mount-2.5k-2.sparc.rpm

[Aside: There is no difference between mount-2.5k-1 and -2 except
the package format.]

All RPMs are PGP-signed with the redhat () redhat com key.
The source RPMs will be available in the normal locations.

MD5SUM's:
ad9b0628b6af9957d7b5eb720bbe632b  mount-2.5k-1.axp.rpm
12cb19ec4b3060f8d1cedff77bda7c05  util-linux-2.5-11fix.axp.rpm

26506a3c0066b8954d80deff152e0229  mount-2.5k-1.i386.rpm
f48c6bf901dd5d2c476657d6b75b12a5  util-linux-2.5-11fix.i386.rpm

7337f8796318f3b13f2dccb4a8f10b1a  mount-2.5k-2.i386.rpm
e68ff642a7536f3be4da83eedc14dd76  mount-2.5k-2.sparc.rpm

Thanks to Bloodmask, Vio, and others on the BugTraq list for discovering
this hole and providing patches.

 --==== Elliot Lee = <sopwith () redhat com> == Red Hat Software ====--
"Usenet is like a herd of performing elephants with diarrhea; massive,
 difficult to redirect, awe-inspiring, entertaining, and a source of
 mind-boggling amounts of excrement when you least expect it."


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMhC+zyaSlK8942+NAQE/zgP/eL2/yXL+MfK7T+HT2+v9JKN6G+Lalbio
IWmBh2/k9oLNkSbJOZhA4wMuJH1erZLm7UjySoccjYiBeVIIiS47EY8WlejA+t0F
MZe47G6xSVW02F4DtF2cF0S8DEbfYgPsHg/h3mh7DQDRr2CxfzAa7kYE64I1+eeb
r2vvzaENzVU=
=Sk5y
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: