yoannMANDRAKESOFT.COM

• Next message: rpc: "infosrch.cgi 'interactive' shell"
• Previous message: AXENT Security Team: "RFP2K05 - NetProwler "Fragmentation" Issue"
• Next in thread: Katherine M. Moussouris: "Re: fdmount buffer overflow"
• Maybe reply: Vandoorselaere Yoann: "Re: fdmount buffer overflow"
• Reply: Katherine M. Moussouris: "Re: fdmount buffer overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Chmouel Boudjnah <chmouelmandrakesoft.com> writes:

> Greg Olszewski <noopNWONKNU.ORG> writes:
>
> > Debian 2.1, 2.2, 2.3: fdmount is NOT installed suid.
> > Mandrake 7.0: Vulnerable
>
> All our security system is handle via msec, in this case we add a user
> in the floppy group only if we are in level >= 3.
>
> So we are not affected if by default you did an Server install or set
> your security level to 4 5.
>
> Indeed we are affected if (and only if) the user is in the floppy
> group. A fix (remove suid root) come soon.

Here is a patch to correct the fdmount problem...

--- fdmount.c.orig Tue May 23 18:48:40 2000
+++ fdmount.c Tue May 23 18:49:04 2000
-127,9 +127,10

 void errmsg(char *text,...) {
     char buff[80];
+
     va_list p;
     va_start(p,text);
- vsprintf(buff,text,p);
+ vsnprintf(buff, 80, text,p);
     va_end(p);
     if(use_syslog)
        syslog(LOG_ERR, "%s: %s\n",curdev,buff);

--
                   -- Yoann,  http://www.mandrakesoft.com/~yoann/
     It is well known that M$ products don't call free() after a malloc().
     The Unix community wish them good luck for their future developments.

• Next message: rpc: "infosrch.cgi 'interactive' shell"
• Previous message: AXENT Security Team: "RFP2K05 - NetProwler "Fragmentation" Issue"
• Next in thread: Katherine M. Moussouris: "Re: fdmount buffer overflow"
• Maybe reply: Vandoorselaere Yoann: "Re: fdmount buffer overflow"
• Reply: Katherine M. Moussouris: "Re: fdmount buffer overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]