Date: Wed, 24 May 2000 15:04:27 -0700 From: "Katherine M. Moussouris" <k8e@TURBOLINUX.COM> Subject: Re: fdmount buffer overflow To: BUGTRAQ@SECURITYFOCUS.COM FYI, TurboLinux is also NOT affected "as shipped" by this particular vulnerability, because users are never automatically added to the floppy group. fdmount *is* suid root, however, and we will be releasing an updated package shortly. -k8e On Tue, 23 May 2000, Vandoorselaere Yoann wrote: > Chmouel Boudjnah <chmouel@mandrakesoft.com> writes: > > > Greg Olszewski <noop@NWONKNU.ORG> writes: > > > > > Debian 2.1, 2.2, 2.3: fdmount is NOT installed suid. > > > Mandrake 7.0: Vulnerable > > > > All our security system is handle via msec, in this case we add a user > > in the floppy group only if we are in level >= 3. > > > > So we are not affected if by default you did an Server install or set > > your security level to 4 5. > > > > Indeed we are affected if (and only if) the user is in the floppy > > group. A fix (remove suid root) come soon. > > Here is a patch to correct the fdmount problem... > > --- fdmount.c.orig Tue May 23 18:48:40 2000 > +++ fdmount.c Tue May 23 18:49:04 2000 > @@ -127,9 +127,10 @@ > > void errmsg(char *text,...) { > char buff[80]; > + > va_list p; > va_start(p,text); > - vsprintf(buff,text,p); > + vsnprintf(buff, 80, text,p); > va_end(p); > if(use_syslog) > syslog(LOG_ERR, "%s: %s\n",curdev,buff); > > > -- > -- Yoann, http://www.mandrakesoft.com/~yoann/ > It is well known that M$ products don't call free() after a malloc(). > The Unix community wish them good luck for their future developments. > >>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<< Katie Moussouris Software Engineer k8e@turbolinux.com Security Tzarina (650)228-5000 TurboLinux, Inc.
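Review bot: the bound in the added vsnprintf(buff, 80, text,p) call in errmsg() repeats the literal from the declaration char buff[80]; pass sizeof(buff) instead, i.e. vsnprintf(buff, sizeof(buff), text, p), so the limit cannot drift from the array size if the buffer is ever resized. The return value is also ignored, so an over-long message is silently truncated before it reaches syslog(LOG_ERR, "%s: %s\n",curdev,buff); if the full text matters for diagnosis, check the return value or size the buffer for the longest expected message. The empty + line added after char buff[80]; is an unrelated whitespace change and can be dropped from the patch.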