[3577] in bugtraq
Re: Linux & BSD's umount exploit
daemon@ATHENA.MIT.EDU (David J. Meltzer)
Wed Oct 30 14:27:28 1996
Date: Wed, 30 Oct 1996 13:33:39 -0500
Reply-To: "David J. Meltzer" <davem@iss.net>
From: "David J. Meltzer" <davem@iss.net>
X-To: Paulo Jorge Alves Oliveira <pjao@dux.isec.pt>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <3275ECCC.3A24307E@dux.isec.pt>
> there is a bug in berkeley-derived umount, which allows attacker to
> get root access (see freebsd-security for details). Here is exploit for
> Linux (tested on 2.0.XX), for BSD (tested on FreeBSD 2.1) and a quick
> soluction.
>
This is not a new hole, this is the same buffer overflow that was found
months ago and that others published on bugtraq and elsewhere quite a
while ago. This is also the same thing that a CERT vendor bulletin was
issued on.
As for the exploit, this is the 3rd one I have seen that duplicates the
functionality of the original sno.c code that was used to exploit it.
Dave
--------------------------------+---------------------
David J. Meltzer | Email: davem@iss.net
Systems Engineer | Web: www.iss.net
Internet Security Systems, Inc. | Fax: (770)395-1972
