Bugtraq mailing list archives

Re: fdmount buffer overflow


From: chmouel () MANDRAKESOFT COM (Chmouel Boudjnah)
Date: Tue, 23 May 2000 19:40:55 +0200


Greg Olszewski <noop () NWONKNU ORG> writes:

Debian 2.1, 2.2, 2.3:  fdmount is NOT installed suid.
Mandrake 7.0: Vulnerable

All our security system is handled via msec, in this case we add a user
in the floppy group only if we are in level >= 3.

So we are not affected if by default you did a Server install or set
your security level to 4 or 5.

Indeed we are affected if (and only if) the user is in the floppy
group. A fix (remove suid root) is coming soon.

--
MandrakeSoft Inc                http://www.mandrakesoft.com
In travel.                                        --Chmouel


