Bugtraq mailing list archives

Re: AIX 4.x Mount

From: troy () AUSTIN IBM COM (Troy A. Bollinger)
Date: Mon, 29 Dec 1997 00:48:45 -0600


-----BEGIN PGP SIGNED MESSAGE-----

S. Ryan Quick wrote:

My apologies if this is known already . . . however, I've seen nothing about
it and it does concern me.  I have verified a problem with mount on AIX 4.1.3,
4.1.4, 4.2.0, and 4.2.1 which allows a normal user to mount any filesystem
(including those already mounted by the system) on top of any writable
space.


This has been fixed in the gold release of AIX 4.3.0.  To my knowledge,
there are no current plans to backport this fix.

I have notified IBM of the problem . . . they have yet to respond.


Feel free to contact me with the PMR number and I'll make sure you get
an official response.

Thanks.
- --
Troy Bollinger                            troy () austin ibm com
AIX Security Development        security-alert () austin ibm com
PGP keyid: 1024/0xB7783129 Troy's opinions are not IBM policy

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQCVAwUBNKdHqMjqvEm3eDEpAQEF9wQAlX/1d+c66dZk9CqESFC6y78Zf0mssXTP
huNGPuCrcK2SLr0n3GveybVlvnh0wZYZRfun+ZuLtNLy2HWIYak/1g17X8GgEhqh
vYO8qbWx0jP+Hi2Njhg1mDqBofCkw+539Xdap4IDDVfg6YlRlYSGtCCMWwGPCzlu
PE5DMoL2/vY=
=7HwX
-----END PGP SIGNATURE-----

Current thread:

Oddities in RH 5.0 Tres Melton (Dec 28)
- Re: Oddities in RH 5.0 Frank Sweetser (Dec 28)
- Re: Oddities in RH 5.0 King O' Fun (Dec 28)
- Re: Oddities in RH 5.0 Chris Bond (Dec 28)
- AIX 4.x Mount S. Ryan Quick (Dec 28)
  - Re: AIX 4.x Mount Troy A. Bollinger (Dec 28)
  - iPass RoamServer 3.1 Chris A. Epler (Dec 29)
  - Apache DoS attack? Micha? Zalewski (Dec 30)
    - Re: Apache DoS attack? Mark Lowes (Dec 30)
    - Re: Apache DoS attack? Pancrazio DE MAURO (Dec 30)