Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1996_4

Bugtraq archives for 4th quarter (Oct-Dec) 1996: Re: [linux-security] ncpmount/ncpumount

Re: [linux-security] ncpmount/ncpumount

Thomas Roessler (roesslersobolev.rhein.de)
Mon, 21 Oct 1996 09:30:50 GMT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Henrik P Johnson: "Re: Urgent !! Serious Linux Security Bug...."
Previous message: Kristian =?ISO-8859-1?Q?K=F6hntopp?=: "What about smbmount? (was: [linux-security] ncpmount/ncpumount)"
Maybe in reply to: Runar Jensen: "[linux-security] ncpmount/ncpumount"
Next in thread: Alan Cox: "Re: [linux-security] ncpmount/ncpumount"

In article <199610140007.TAA32256dancer.1stnet.com>, Runar Jensen wrote:

>I haven't had a chance to look at the source code yet, but it appears that
>ncpmount and ncpumount suffer from exactly the same problem that mount and
>umount did. In fact, the mount exploit that was so widely circulated works
>with ncpumount with no modifications.

The buffer overflow you are referring to is hidden in the realpath(3)
function.  So the mount programs are the wrong ones to blame.  Rather
update your C library.

tlr
--
Thomas Roessler                           http://www.rhein.de/~roessler/

Next message: Henrik P Johnson: "Re: Urgent !! Serious Linux Security Bug...."
Previous message: Kristian =?ISO-8859-1?Q?K=F6hntopp?=: "What about smbmount? (was: [linux-security] ncpmount/ncpumount)"
Maybe in reply to: Runar Jensen: "[linux-security] ncpmount/ncpumount"
Next in thread: Alan Cox: "Re: [linux-security] ncpmount/ncpumount"