Bugtraq mailing list archives

Fw: CERT Advisory CA-99.12 - Buffer Overflow in amd


From: morex () OPALNETWORKS COM (morex)
Date: Thu, 16 Sep 1999 22:25:18 -0700


-----Original Message-----
From: CERT Advisory <cert-advisory () cert org>
To: cert-advisory () coal cert org <cert-advisory () coal cert org>
Date: Thursday, September 16, 1999 9:54 PM
Subject: CERT Advisory CA-99.12 - Buffer Overflow in amd

-----BEGIN PGP SIGNED MESSAGE-----

CERT Advisory CA-99-12 Buffer Overflow in amd

  Original release date: September 16, 1999
  Last revised: --
  Source: CERT/CC

  A complete revision history is at the end of this file.

Systems Affected

    * Systems running amd, the Berkeley Automounter Daemon

I. Description

  There is a buffer overflow vulnerability in the logging facility of
  the amd daemon.

  This daemon automatically mounts file systems in response to attempts
  to access files that reside on those file systems. Similar
  functionality on some systems is provided by a daemon named
  automountd.

  Systems that include automounter daemons based on BSD 4.x source code
  may also be vulnerable. A vulnerable implementation of amd is included
  in the am-utils package, provided with many Linux distributions.

II. Impact

  Remote intruders can execute arbitrary code as the user running the
  amd daemon (usually root).

III. Solution

Install a patch from your vendor

  Appendix A contains information provided by vendors for this advisory.
  We will update the appendix as we receive more information. If you do
  not see your vendor's name, the CERT/CC did not hear from that vendor.
  Please contact your vendor directly.

  We will update this advisory as more information becomes available.
  Please check the CERT/CC Web site for the most current revision.

Disable amd

  If you are unable to apply a patch for this problem, you can disable
  the amd daemon to prevent this vulnerability from being exploited.
  Disabling amd may prevent your system from operating normally.

Appendix A. Vendor Information

BSDI

  BSD/OS 4.0.1 and 3.1 are both vulnerable to this problem if amd has
  been configured. The amd daemon is not started if it has not been
  configured locally. Mods (M410-017 for 4.0.1 and M310-057) are
  available via ftp from ftp://ftp.bsdi.com/bsdi/patches or via our web
  site at http://www.bsdi.com/support/patches

Compaq Computer Corporation

  Not vulnerable

Data General

  DG/UX is not vulnerable to this problem.

Erez Zadok (am-utils maintainer)

  The latest stable version of am-utils includes several important
  security fixes. To retrieve it, use anonymous ftp for the following
  URL

  ftp://shekel.mcl.cs.columbia.edu/pub/am-utils/

  The MD5 checksum of the am-utils-6.0.1.tar.gz archive is

  MD5 (am-utils-6.0.1.tar.gz) = ac33a4394d30efb4ca47880cc5703999

  The simplest instructions to build, install, and run am-utils are as
  follows:
   1. Retrieve the package via FTP.
   2. Unpack it:
      $ gunzip am-utils-6.0.1.tar.gz
      $ tar xf am-utils-6.0.1.tar
      If you have GNU tar and gunzip, you can issue a single command:
      $ tar xzf am-utils-6.0.1.tar.gz
   3. Build it:
      $ cd am-utils-6.0.1
      $ ./buildall
      This would configure and build am-utils for installation in
      /usr/local. If you built am-utils in the past using a different
      procedure, you may repeat that procedure instead. For example, to
      build am-utils using shared libraries and to enable debugging, use
      either:
      $ ./buildall -Ds -b
      or
      $ ./configure --enable-debug=yes --enable-shared --disable-static
      You may run "./configure --help" to get a full list of available
      options. You may run "./buildall -H" to get a full list of options
      it offers. The buildall script is a simple wrapper script that
      configures and builds am-utils for the most common desired
      configurations.
   4. Install it:
      $ make install
      This would install the programs, scripts, libraries, manual pages,
      and info pages in /usr/local/{sbin,bin,lib,man,info}, etc.
   5. Run it.
      Assuming you have an Amd configuration file in /etc/amd.conf, you
      can simply run:
      $ /usr/local/sbin/ctl-amd restart
      That will stop the older running Amd, and start a new one. If you
      use a different Amd start-up script, you may use it instead.

FreeBSD

  Please see the FreeBSD advisory at

  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-99:06.amd.asc

  for information on patches for this problem.

Fujitsu

  This vulnerability is still under investigation by Fujitsu.

Hewlett-Packard Company

  HP is not vulnerable.

IBM Corporation

  AIX is not vulnerable. It does not ship the am-utils package.

OpenBSD

  OpenBSD is not vulnerable.

RedHat Inc.

  RedHat has released a security advisory on this topic. It is available
  from our ftp server at:

  http://www.redhat.com/corp/support/errata/RHSA1999032_O1.html

SCO Unix

  No SCO products are vulnerable.

SGI

  SGI does not distribute am-utils in either IRIX or UNICOS operating
  systems.

Sun Microsystems, Inc.

  SunOS - All versions are not vulnerable.

  Solaris - All versions are not vulnerable.
    _________________________________________________________________

  The CERT Coordination Center would like to thank Erez Zadok, the
  maintainer of the am-utils package, for his assistance in preparing
  this advisory.
  ______________________________________________________________________

  This document is available from:
  http://www.cert.org/advisories/CA-99-12-amd.html
  ______________________________________________________________________

CERT/CC Contact Information

  Email: cert () cert org
  Phone: +1 412-268-7090 (24-hour hotline)
  Fax: +1 412-268-6989
  Postal address:
         CERT Coordination Center
         Software Engineering Institute
         Carnegie Mellon University
         Pittsburgh PA 15213-3890
         U.S.A.

  CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4)
  Monday through Friday; they are on call for emergencies during other
  hours, on U.S. holidays, and on weekends.

Using encryption

  We strongly urge you to encrypt sensitive information sent by email.
  Our public PGP key is available from

  http://www.cert.org/CERT_PGP.key

  If you prefer to use DES, please call the CERT hotline for more
  information.

Getting security information

  CERT publications and other security information are available from
  our web site

  http://www.cert.org/

  To be added to our mailing list for advisories and bulletins, send
  email to cert-advisory-request () cert org and include SUBSCRIBE
  your-email-address in the subject of your message.

  Copyright 1999 Carnegie Mellon University.
  Conditions for use, disclaimers, and sponsorship information can be
  found in

  http://www.cert.org/legal_stuff.html

  * "CERT" and "CERT Coordination Center" are registered in the U.S.
  Patent and Trademark Office.
  ______________________________________________________________________

  NO WARRANTY
  Any material furnished by Carnegie Mellon University and the Software
  Engineering Institute is furnished on an "as is" basis. Carnegie
  Mellon University makes no warranties of any kind, either expressed or
  implied as to any matter including, but not limited to, warranty of
  fitness for a particular purpose or merchantability, exclusivity or
  results obtained from use of the material. Carnegie Mellon University
  does not make any warranty of any kind with respect to freedom from
  patent, trademark, or copyright infringement.
    _________________________________________________________________

  Revision History
  Sep 16, 1999: Initial release

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBN+E6AHVP+x0t4w7BAQHwJQP7B+ghNLVt5h9LGkALYqnL1jBz5557fpmo
6z4ylqHfyHTqXdmjKL89ZhaxkpowvSOTpsAvcWyks+6aRjM0tNeNHc0Omlwt26sW
fULp0NC1QZxoD7sK/9gJXxjulMPobDw/9MGtoKJi/snSwL7T7LDElz/6MrtII+0l
vJ/ECkjL4JQ=
=lGut
-----END PGP SIGNATURE-----

