Bugtraq mailing list archives

Re: Linux & BSD's umount exploit


From: owner-bugtraq () netspace org (Alan Cox)
Date: Wed, 30 Oct 1996 14:15:35 -0500


Dave Meltzer wrote:

This is not a new hole, this is the same buffer overflow that was found
months ago and that others published on bugtraq and elsewhere quite a
while ago.  This is also the same thing that a CERT vendor bulletin was
issued on.
As for the exploit, this is the 3rd one I have seen that duplicates the
functionality of the original sno.c code that was used to exploit it.

-----

To which I _have_ to respond (cuz dave's a cool guy and he'll take this
the right way ;-))

The mount/umount bug has been known for _quite_ some time (much more than
a couple of months... much much more). As a matter of fact, it was
even brought up at the last Usenix Security Symposium... much to
Ranum's surprise (was it feigned?).

Sno.c was by no means the first bit of code used to exploit this hole. On
top of that, the sno.c code duplicates the functionality and uses the same
'lifted' code as several other buffer overflow sploits floating
around these days.

.mudge


