CIAC-38 Linux safety

Author: Romuald Zylla, Lodz Tech.Univ. Poland (zylla_at_lodz1.p.lodz.pl)
Date: Fri 16 Aug 1996 - 08:47:31 MET DST


Since there are quite a few Linux fans on this list, I'm forwarding a warning.
If it's out of date, feel free to chew me out.

Romek

              Linux Vulnerabilities in mount and umount Programs

August 15, 1996 16:00 GMT Number G-38
______________________________________________________________________________
PROBLEM: A security hole has been identified in the mount and umount
               programs.
PLATFORM: All systems running current distributions of Linux including
               all versions of Red Hat Linux.
DAMAGE: This vulnerability may allow any user with an account
               on a system to obtain root access.
SOLUTION: Read and implement the workaround and/or patches described
               below.
______________________________________________________________________________
VULNERABILITY ASSESSMENT: This vulnerability is becoming widely known. CIAC
               recommends implementing the workaround and/or patches as soon
               as possible.
______________________________________________________________________________

The mount and umount programs are normally installed with setUID root to
allow users to perform mount and unmount operations. However, they do not
check the length of the information being passed, thereby creating a buffer
overflow problem.

******************************************************************************
Operating Systems Tested: All current distributions of Linux
******************************************************************************

Effect: Local users on affected systems can overflow a buffer in mount's
argument parsing and execute a shell by overwriting the stack.

Affected binaries:
(/bin/mount and /bin/umount)

Workaround:
On all current distributions of Linux remove suid bit of /bin/mount and
/bin/umount.
[chmod -s /bin/mount; chmod -s /bin/umount]
******************************************************************************

******************************************************************************
Operating Systems Tested: All versions of Red Hat Linux
******************************************************************************

Users of versions of Red Hat less than 3.0.3 are advised to upgrade to
3.0.3, since many other problems are fixed in the upgrade.

If you are running:
* Red Hat Linux 3.0.3 (Picasso) on the Intel architecture, get
        - ftp://ftp.redhat.com/pub/redhat/redhat-3.0.3/i386/updates/RPMS/
                util-linux-2.5-11fix.i386.rpm
                mount-2.5k-1.i386.rpm
And install them in that order using 'rpm -Uvh [rpm filename]'

* Red Hat Linux 3.0.3 (Picasso) on the Alpha architecture, get
        - ftp://ftp.redhat.com/pub/redhat/redhat-3.0.3/axp/updates/RPMS/
                util-linux-2.5-11fix.axp.rpm
                mount-2.5k-1.axp.rpm
And install them in that order using 'rpm -Uvh [rpm filename]'

* Red Hat Linux 3.0.4 (Rembrandt) beta on the Intel, get
        - ftp://ftp.redhat.com/pub/redhat/rembrandt/i386/updates/RPMS/
                mount-2.5k-2.i386.rpm

* Red Hat Linux 3.0.4 (Rembrandt) beta on the Sparc, get
        - ftp://ftp.redhat.com/pub/redhat/rembrandt/sparc/updates/RPMS/
                mount-2.5k-2.sparc.rpm

[Aside: There is no difference between mount-2.5k-1 and -2 except
the package format.]

All RPMs are PGP-signed with the redhat_at_redhat.com key.
The source RPMs will be available in the normal locations.

MD5 sums:
ad9b0628b6af9957d7b5eb720bbe632b mount-2.5k-1.axp.rpm
12cb19ec4b3060f8d1cedff77bda7c05 util-linux-2.5-11fix.axp.rpm

26506a3c0066b8954d80deff152e0229 mount-2.5k-1.i386.rpm
f48c6bf901dd5d2c476657d6b75b12a5 util-linux-2.5-11fix.i386.rpm

7337f8796318f3b13f2dccb4a8f10b1a mount-2.5k-2.i386.rpm
e68ff642a7536f3be4da83eedc14dd76 mount-2.5k-2.sparc.rpm

Thanks to Bloodmask, Vio, and others on the BugTraq list for discovering
this hole and providing patches.
******************************************************************************
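The advisory gives two defender-side actions: strip the setuid bit from /bin/mount and /bin/umount as a workaround, and verify the downloaded RPMs against the listed MD5 sums before installing them. The following POSIX shell script, added here as an example and not part of the CIAC advisory or this mail, wraps both checks in functions. The binary paths and the MD5 values are copied from the advisory; the function names, the `md5sum`/`md5` fallback and the `audit`/`verify` command-line interface are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the CIAC G-38 advisory): audit the setuid state of
# the affected binaries, apply the advisory's chmod -s workaround on request,
# and verify downloaded RPMs against the advisory's MD5 list.
# Assumptions: md5sum (coreutils) or md5 (BSD) is on PATH; function names are ours.

# Return 0 if FILE has the setuid bit set, 1 otherwise.
is_setuid() {
    [ -u "$1" ]
}

# The advisory's workaround: strip setuid (and setgid) from FILE.
drop_setuid() {
    chmod u-s,g-s "$1"
}

# Print the MD5 hex digest of FILE, using whichever tool is present.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# Expected sums copied verbatim from the advisory's MD5 list, keyed by file name.
expected_md5() {
    case "$1" in
        mount-2.5k-1.axp.rpm)          echo ad9b0628b6af9957d7b5eb720bbe632b ;;
        util-linux-2.5-11fix.axp.rpm)  echo 12cb19ec4b3060f8d1cedff77bda7c05 ;;
        mount-2.5k-1.i386.rpm)         echo 26506a3c0066b8954d80deff152e0229 ;;
        util-linux-2.5-11fix.i386.rpm) echo f48c6bf901dd5d2c476657d6b75b12a5 ;;
        mount-2.5k-2.i386.rpm)         echo 7337f8796318f3b13f2dccb4a8f10b1a ;;
        mount-2.5k-2.sparc.rpm)        echo e68ff642a7536f3be4da83eedc14dd76 ;;
        *) return 1 ;;
    esac
}

# Return 0 if FILE's digest equals EXPECTED (compared case-insensitively).
check_md5() {
    actual=$(md5_of "$1")
    [ "$(echo "$actual" | tr 'A-Z' 'a-z')" = "$(echo "$2" | tr 'A-Z' 'a-z')" ]
}

# Verify a downloaded RPM whose file name matches the advisory's list.
# Returns 0 on match, 1 on mismatch, 2 if the advisory lists no sum for it.
verify_rpm() {
    expected=$(expected_md5 "$(basename "$1")") || {
        echo "no advisory MD5 for $1" >&2; return 2; }
    if check_md5 "$1" "$expected"; then
        echo "OK: $1"
    else
        echo "MISMATCH: $1 (do not install)" >&2; return 1
    fi
}

# Report the setuid state of the two binaries named in the advisory.
audit_mount_binaries() {
    for f in /bin/mount /bin/umount; do
        if [ -e "$f" ] && is_setuid "$f"; then
            echo "$f: setuid (still exposed to CIAC G-38 unless patched)"
        else
            echo "$f: not setuid or not present"
        fi
    done
}

# Usage (nothing runs when the file is merely sourced):
#   sh check_g38.sh audit                 # report setuid state of mount/umount
#   sh check_g38.sh verify FILE.rpm       # compare FILE.rpm with the advisory MD5
#   sh check_g38.sh workaround /bin/mount # apply chmod -s (as root)
case "${1:-}" in
    audit)      audit_mount_binaries ;;
    verify)     verify_rpm "$2" ;;
    workaround) drop_setuid "$2" ;;
esac
```

The `verify` path deliberately keys on the exact file name from the advisory, so a renamed or differently versioned package is reported as "no advisory MD5" rather than silently accepted; the `audit` path only reads the mode bits and never changes them, leaving the `chmod -s` workaround as an explicit, separate step.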
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
-------- PC-ology is an experimental science --------



This archive was generated by hypermail 2.1.7 : Tue 18 May 2004 - 12:52:03 MET DST