Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Buffer Overflow in fdmount (fwd)

From: volkerdi () SLACKWARE COM (Patrick J. Volkerding)
Date: Thu, 25 May 2000 18:49:30 -0700

---------- Forwarded message ----------
Date: Thu, 25 May 2000 17:12:46 -0700 (PDT)
From: Slackware Security Team <security () slackware com>
To: slackware-security () slackware com
Subject: Buffer Overflow in fdmount

fdmount vulnerability
---------------------

The fdmount program shipped with Slackware has been shown to be vulnerable to
a buffer overflow exploit.  A user must be in the "floppy" group to execute
fdmount, but because fdmount is suid root this is a security problem.

A patched fdmount which replaces the offending sprintf() call with a
vsnprintf() (thus closing the hole and eliminating the security risk) has been
posted in an updated floppy.tgz package in Slackware-current.  Please download
the new floppy.tgz and run upgradepkg on it.

ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/a1/floppy.tgz

- Slackware Security Team
  security () slackware com
Previous By Date Next
Previous By Thread Next

Current thread: