Bugtraq mailing list archives
Re: Linux & BSD's umount exploit
From: davem () iss net (David J. Meltzer)
Date: Wed, 30 Oct 1996 13:33:39 -0500
there is a bug in berkeley-derived umount, which allows attacker to get root access (see freebsd-security for details). Here is exploit for Linux (tested on 2.0.XX), for BSD (tested on FreeBSD 2.1) and a quick soluction.
This is not a new hole, this is the same buffer overflow that was found months ago and that others published on bugtraq and elsewhere quite a while ago. This is also the same thing that a CERT vendor bulletin was issued on. As for the exploit, this is the 3rd one I have seen that duplicates the functionality of the original sno.c code that was used to exploit it. Dave --------------------------------+--------------------- David J. Meltzer | Email: davem () iss net Systems Engineer | Web: www.iss.net Internet Security Systems, Inc. | Fax: (770)395-1972
Current thread:
- Linux & BSD's umount exploit Paulo Jorge Alves Oliveira (Oct 29)
- Re: Linux & BSD's umount exploit David J. Meltzer (Oct 30)
- <Possible follow-ups>
- Re: Linux & BSD's umount exploit Mike Bremford (Oct 30)
- Re: Linux & BSD's umount exploit Alan Cox (Oct 30)