Bugtraq mailing list archives
Re: fdmount buffer overflow
From: yoann () MANDRAKESOFT COM (Vandoorselaere Yoann)
Date: Tue, 23 May 2000 18:50:20 +0200
Chmouel Boudjnah <chmouel () mandrakesoft com> writes:
Greg Olszewski <noop () NWONKNU ORG> writes:Debian 2.1, 2.2, 2.3: fdmount is NOT installed suid. Mandrake 7.0: VulnerableAll our security system is handle via msec, in this case we add a user in the floppy group only if we are in level >= 3. So we are not affected if by default you did an Server install or set your security level to 4 5. Indeed we are affected if (and only if) the user is in the floppy group. A fix (remove suid root) come soon.
Here is a patch to correct the fdmount problem... --- fdmount.c.orig Tue May 23 18:48:40 2000 +++ fdmount.c Tue May 23 18:49:04 2000 @@ -127,9 +127,10 @@ void errmsg(char *text,...) { char buff[80]; + va_list p; va_start(p,text); - vsprintf(buff,text,p); + vsnprintf(buff, 80, text,p); va_end(p); if(use_syslog) syslog(LOG_ERR, "%s: %s\n",curdev,buff); -- -- Yoann, http://www.mandrakesoft.com/~yoann/ It is well known that M$ products don't call free() after a malloc(). The Unix community wish them good luck for their future developments.
Current thread:
- Re: fdmount buffer overflow Cami (May 22)
- <Possible follow-ups>
- Re: fdmount buffer overflow Vandoorselaere Yoann (May 23)
- Deerfield Communications MDaemon Mail Server DoS cassius () HUSHMAIL COM (May 24)
- Re: fdmount buffer overflow Katherine M. Moussouris (May 24)
- Re: fdmount buffer overflow Chmouel Boudjnah (May 23)
- Re: fdmount buffer overflow Christopher Schulte (May 24)