Bugtraq mailing list archives
Re: fdmount buffer overflow
From: chmouel () MANDRAKESOFT COM (Chmouel Boudjnah)
Date: Tue, 23 May 2000 19:40:55 +0200
Greg Olszewski <noop () NWONKNU ORG> writes:
Debian 2.1, 2.2, 2.3: fdmount is NOT installed suid. Mandrake 7.0: Vulnerable
All our security system is handle via msec, in this case we add a user in the floppy group only if we are in level >= 3. So we are not affected if by default you did an Server install or set your security level to 4 5. Indeed we are affected if (and only if) the user is in the floppy group. A fix (remove suid root) come soon. -- MandrakeSoft Inc http://www.mandrakesoft.com In travel. --Chmouel
Current thread:
- Re: fdmount buffer overflow Cami (May 22)
- <Possible follow-ups>
- Re: fdmount buffer overflow Vandoorselaere Yoann (May 23)
- Deerfield Communications MDaemon Mail Server DoS cassius () HUSHMAIL COM (May 24)
- Re: fdmount buffer overflow Katherine M. Moussouris (May 24)
- Re: fdmount buffer overflow Chmouel Boudjnah (May 23)
- Re: fdmount buffer overflow Christopher Schulte (May 24)