Bugtraq mailing list archives
Re: fdmount buffer overflow
From: k8e () TURBOLINUX COM (Katherine M. Moussouris)
Date: Wed, 24 May 2000 15:04:27 -0700
FYI, TurboLinux is also NOT affected "as shipped" by this particular vulnerability, because users are never automatically added to the floppy group. fdmount *is* suid root, however, and we will be releasing an updated package shortly.

-k8e

On Tue, 23 May 2000, Vandoorselaere Yoann wrote:
Chmouel Boudjnah <chmouel () mandrakesoft com> writes:

Greg Olszewski <noop () NWONKNU ORG> writes:

Debian 2.1, 2.2, 2.3: fdmount is NOT installed suid.
Mandrake 7.0: Vulnerable

All our security system is handled via msec, in this case we add a user in the floppy group only if we are in level >= 3. So we are not affected if by default you did a Server install or set your security level to 4 5. Indeed we are affected if (and only if) the user is in the floppy group. A fix (remove suid root) is coming soon.

Here is a patch to correct the fdmount problem...

--- fdmount.c.orig Tue May 23 18:48:40 2000 +++ fdmount.c Tue May 23 18:49:04 2000 @@ -127,9 +127,10 @@ void errmsg(char *text,...) { char buff[80]; + va_list p; va_start(p,text); - vsprintf(buff,text,p); + vsnprintf(buff, 80, text,p); va_end(p); if(use_syslog) syslog(LOG_ERR, "%s: %s\n",curdev,buff);

-- -- Yoann, http://www.mandrakesoft.com/~yoann/
It is well known that M$ products don't call free() after a malloc(). The Unix community wish them good luck for their future developments.
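Review bot: in errmsg() the bound passed to vsnprintf is the literal 80, a second copy of the size in char buff[80]; writing vsnprintf(buff, sizeof(buff), text, p) keeps the limit tied to the declaration if the array is ever resized. The return value is also discarded, so an over-long message is cut off silently before it reaches syslog; checking it would let the caller log that truncation happened. The syslog call keeps a fixed "%s: %s\n" format and passes buff as an argument, which is correct and should stay that way.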
<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Katie Moussouris Software Engineer k8e () turbolinux com Security Tzarina (650)228-5000 TurboLinux, Inc.
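A check for the exposure condition discussed in this thread (fdmount installed setuid root and at least one account in the floppy group), as an added example that is not part of the original messages. The function names and the default /usr/bin/fdmount path are assumptions.

```shell
#!/bin/sh
# Added example: report whether a host matches the condition described in the
# thread: fdmount is setuid root AND some account belongs to group "floppy".
# The group and passwd files are parameters so copies can be audited offline.

# Print members of group $1, one per line: supplementary members listed in the
# group file ($2) plus accounts whose primary GID is that group (passwd file $3).
group_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3; exit }' "$2")
    [ -n "$gid" ] || return 0
    {
        awk -F: -v g="$1" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$2"
        awk -F: -v id="$gid" '$4 == id { print $1 }' "$3"
    } | sort -u
}

# Succeed if $1 is a regular file owned by uid 0 with the setuid bit set.
is_suid_root() {
    [ -f "$1" ] && [ -u "$1" ] &&
        [ "$(ls -ln "$1" | awk '{ print $3 }')" = "0" ]
}

# Print one of: not-suid, suid-only (no floppy members), exposed.
fdmount_exposure() {
    if ! is_suid_root "$1"; then
        echo "not-suid"
        return
    fi
    if [ -n "$(group_members floppy "$2" "$3")" ]; then
        echo "exposed"
    else
        echo "suid-only"
    fi
}

# Assumed install path; override with FDMOUNT=/path/to/fdmount.
fdmount_exposure "${FDMOUNT:-/usr/bin/fdmount}" /etc/group /etc/passwd
```

Primary-group membership is included because an account whose GID is floppy never appears in the member list of /etc/group.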