Bugtraq mailing list archives

Re: Linux & BSD's umount exploit

From: davem () iss net (David J. Meltzer)
Date: Wed, 30 Oct 1996 13:33:39 -0500

there is a bug in berkeley-derived umount, which allows attacker to
get root access (see freebsd-security for details). Here is exploit for
Linux (tested on 2.0.XX), for BSD (tested on FreeBSD 2.1) and a quick
soluction.


This is not a new hole, this is the same buffer overflow that was found
months ago and that others published on bugtraq and elsewhere quite a
while ago.  This is also the same thing that a CERT vendor bulletin was
issued on.
As for the exploit, this is the 3rd one I have seen that duplicates the
functionality of the original sno.c code that was used to exploit it.

Dave

--------------------------------+---------------------
       David J. Meltzer         | Email: davem () iss net
       Systems Engineer         |   Web:   www.iss.net
Internet Security Systems, Inc. |   Fax: (770)395-1972

Current thread:

Linux & BSD's umount exploit Paulo Jorge Alves Oliveira (Oct 29)
- Re: Linux & BSD's umount exploit David J. Meltzer (Oct 30)
- <Possible follow-ups>
- Re: Linux & BSD's umount exploit Mike Bremford (Oct 30)
- Re: Linux & BSD's umount exploit Alan Cox (Oct 30)