5133545 2000-05-26  07:17  /37 rader/ Postmaster
Mottagare: Bugtraq (import) <11020>
Ärende: Buffer Overflow in fdmount (fwd)
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: BUGTRAQ@SECURITYFOCUS.COM
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID:  <Pine.LNX.4.21.0005251849250.2815-100000@fuzzy.slackware.com>
Date:         Thu, 25 May 2000 18:49:30 -0700
Reply-To: "Patrick J. Volkerding" <volkerdi@SLACKWARE.COM>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: "Patrick J. Volkerding" <volkerdi@SLACKWARE.COM>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

---------- Forwarded message ----------
Date: Thu, 25 May 2000 17:12:46 -0700 (PDT)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: Buffer Overflow in fdmount


fdmount vulnerability
---------------------

The fdmount program shipped with Slackware has been shown to be
vulnerable to a buffer overflow exploit.  A user must be in the
"floppy" group to execute fdmount, but because fdmount is suid root
this is a security problem.

A patched fdmount which replaces the offending sprintf() call with a
vsnprintf() (thus closing the hole and eliminating the security risk)
has been posted in an updated floppy.tgz package in
Slackware-current.  Please download the new floppy.tgz and run
upgradepkg on it.

ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/a1/floppy.tgz


- Slackware Security Team
  security@slackware.com
(5133545) ------------------------------------------(Ombruten)