[3578] in bugtraq

Re: Linux & BSD's umount exploit

daemon@ATHENA.MIT.EDU (owner-bugtraq@netspace.org)
Wed Oct 30 23:30:58 1996

Date: 	Wed, 30 Oct 1996 14:15:35 -0500
From: <owner-bugtraq@netspace.org>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>

Dave Meltzer wrote:

This is not a new hole, this is the same buffer overflow that was found
months ago and that others published on bugtraq and elsewhere quite a
while ago.  This is also the same thing that a CERT vendor bulletin was
issued on.
As for the exploit, this is the 3rd one I have seen that duplicates the
functionality of the original sno.c code that was used to exploit it.

-----

To which I _have_ to respond (cuz dave's a cool guy and he'll take this
the right way ;-))

The mount/umount bug has been known for _quite_ some time (much more than
a couple of months... much much more). As a matter of fact, it was
even brought up at the last Usenix Security Symposium... much to
Ranum's surprise (was it feigned?).

Sno.c was by no means the first bit of code used to exploit this hole. On
top of that, the sno.c code duplicates the functionality and uses the same
'lifted' code as several other buffer overflow sploits floating
around these days.

.mudge
