Multiple Linux Vendor fdmount Buffer Overflow Vulnerability
BID:1239
Info
| Bugtraq ID: | 1239 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | May 22 2000 12:00AM |
| Updated: | May 22 2000 12:00AM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list on May 22, 2000 by Arend-Jan Wijtzes |
| Vulnerable: | Turbolinux Turbolinux 6.0.2, Turbolinux Turbolinux 6.0.1, Turbolinux Turbolinux 6.0, SuSE Linux 7.0, SuSE Linux 6.4, SuSE Linux 6.3, SuSE Linux 6.2, SuSE Linux 6.1, SuSE Linux 6.0, SuSE Linux 5.3, SuSE Linux 5.2, SuSE Linux 5.1, SuSE Linux 5.0, SuSE Linux 4.4.1, SuSE Linux 4.4, SuSE Linux 4.3, SuSE Linux 4.2, Slackware OpenLinux 7.0, Slackware Linux 4.0, Slackware Linux 3.9, Slackware Linux 3.6, Slackware Linux 3.5, Slackware Linux 3.4, Slackware Linux 3.3 |
| Not Vulnerable: | Redhat Linux 6.2 sparc, Redhat Linux 6.2 i386, Redhat Linux 6.1 sparc, Redhat Linux 6.1 i386, Redhat Linux 6.1 alpha, Redhat Linux 6.0 sparc, Redhat Linux 6.0 alpha, Redhat Linux 6.0, Redhat Linux 5.2 sparc, Redhat Linux 5.2 i386, Redhat Linux 5.2 alpha, Redhat Linux 5.1, Redhat Linux 5.0, Debian Linux 2.3, Debian Linux 2.2, Debian Linux 2.1 |
Discussion
A buffer overflow exists in version 0.8 of the fdmount program, which is distributed with a number of popular versions of Linux. By supplying a large, well-crafted buffer containing machine-executable code in place of the mount point, users in the 'floppy' group can execute arbitrary commands as root.
This vulnerability exists in S.u.S.E. versions 4.0 and later, as well as in Mandrake Linux 7.0. TurboLinux 6.0 and earlier ship with fdmount setuid root, but users are not automatically added to the 'floppy' group. This list is by no means complete; other Linux distributions may be affected. To check whether you are affected, check for the presence of the setuid bit on the binary. If it is present, and the binary is either world executable or executable by group 'floppy', you are affected and should take action immediately.
Exploit / POC
Exploit available:
Solution / Fix
Solution:
MandrakeSoft has provided a source patch for this problem. It is expected that both MandrakeSoft and SuSE will release RPMs to fix this problem shortly.
A suitable solution may be to remove the setuid bit from the fdmount binary, or to remove untrusted users from the 'floppy' group.
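The exposure check from the Discussion and the setuid mitigation above, as an added shell example that is not part of the original advisory. The candidate install paths and the function names are assumptions, and it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example: audit fdmount for the exposure described in the advisory.

# classify_fdmount MODE(octal) OWNER_UID GROUP
# prints: not-setuid-root | world-exposed | floppy-exposed | restricted
classify_fdmount() {
    mode=$1 uid=$2 grp=$3
    # The setuid bit (04000) must be set and the owner must be root.
    if [ $(( 0$mode & 04000 )) -eq 0 ] || [ "$uid" -ne 0 ]; then
        echo not-setuid-root; return
    fi
    # World-executable: any local user can run the setuid-root binary.
    if [ $(( 0$mode & 0001 )) -ne 0 ]; then
        echo world-exposed; return
    fi
    # Group-executable and owned by group 'floppy': its members can run it.
    if [ $(( 0$mode & 0010 )) -ne 0 ] && [ "$grp" = floppy ]; then
        echo floppy-exposed; return
    fi
    echo restricted
}

# check_fdmount PATH: prints "absent" or the classification of that file.
check_fdmount() {
    [ -f "$1" ] || { echo absent; return; }
    # GNU stat: %a = octal mode, %u = owner uid, %G = group name
    set -- $(stat -c '%a %u %G' "$1")
    classify_fdmount "$1" "$2" "$3"
}

audit() {
    # Assumed candidate locations; adjust for the distribution.
    for p in /usr/bin/fdmount /usr/sbin/fdmount /bin/fdmount; do
        r=$(check_fdmount "$p")
        [ "$r" = absent ] && continue
        echo "$p: $r"
        case $r in
            *-exposed)
                echo "  floppy members: $(getent group floppy | cut -d: -f4)"
                echo "  mitigation from the advisory: chmod u-s $p" ;;
        esac
    done
}

# Run the audit only when invoked as: sh script.sh audit
if [ "${1:-}" = audit ]; then audit; fi
```
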
References
References: