[15010] in bugtraq


Re: fdmount buffer overflow

daemon@ATHENA.MIT.EDU (Chmouel Boudjnah)
Wed May 24 13:06:08 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <m2itw5w4ew.fsf@vador.mandrakesoft.com>
Date:         Tue, 23 May 2000 19:40:55 +0200
Reply-To: Chmouel Boudjnah <chmouel@MANDRAKESOFT.COM>
From: Chmouel Boudjnah <chmouel@MANDRAKESOFT.COM>
X-To:         Greg Olszewski <noop@NWONKNU.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  Greg Olszewski's message of "Mon, 22 May 2000 14:28:44 -0700"

Greg Olszewski <noop@NWONKNU.ORG> writes:

> Debian 2.1, 2.2, 2.3:  fdmount is NOT installed suid.
> Mandrake 7.0: Vulnerable

All our security system is handled via msec; in this case we add a user
to the floppy group only if we are in level >= 3.

So we are not affected if by default you did a Server install or set
your security level to 4 or 5.

Indeed we are affected if (and only if) the user is in the floppy
group. A fix (remove suid root) is coming soon.

--
MandrakeSoft Inc                http://www.mandrakesoft.com
In travel.                                        --Chmouel
