Bugtraq mailing list archives
Re: [linux-security] ncpmount/ncpumount
From: coxa () cableol net (Alan Cox)
Date: Mon, 21 Oct 1996 17:58:41 +0100
I haven't had a chance to look at the source code yet, but it appears that ncpmount and ncpumount suffer from exactly the same problem that mount and umount did. In fact, the mount exploit that was so widely circulated works with ncpumount with no modifications.The buffer overflow you are referring to is hidden in the realpath(3) function. So the mount programs are the wrong ones to blame. Rather update your C library.
If its the same as mount, and wu.ftpd it includes realpath (broken version) with the program and uses that instead of the (fixed) libc one. Alan
Current thread:
- [linux-security] ncpmount/ncpumount Runar Jensen (Oct 20)
- <Possible follow-ups>
- Re: [linux-security] ncpmount/ncpumount Thomas Roessler (Oct 21)
- Re: [linux-security] ncpmount/ncpumount Alan Cox (Oct 21)