Multiple Vendor mopd Buffer Overflow Vulnerability
BID:1558
Info
| Bugtraq ID: | 1558 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 08 2000 12:00AM |
| Updated: | Aug 08 2000 12:00AM |
| Credit: | This vulnerability was posted to the Bugtraq mailing list on August 8, 2000 by Matt Power <[email protected]> |
| Vulnerable: | Redhat PowerTools 6.2, Redhat PowerTools 6.1, Redhat PowerTools 6.0, OpenBSD OpenBSD 2.7, OpenBSD OpenBSD 2.6, OpenBSD OpenBSD 2.5, OpenBSD OpenBSD 2.4, NetBSD NetBSD 1.4.2 x86, NetBSD NetBSD 1.4.2 SPARC, NetBSD NetBSD 1.4.2 arm32, NetBSD NetBSD 1.4.2 Alpha, NetBSD NetBSD 1.4.1 x86, NetBSD NetBSD 1.4.1 SPARC, NetBSD NetBSD 1.4.1 arm32, NetBSD NetBSD 1.4.1 Alpha |
| Not Vulnerable: | |
Discussion
A buffer overflow exists in the mopd daemon, which ships with a number of popular operating systems. By supplying a long file name containing machine-executable code from a client, it is possible to execute arbitrary commands on the machine running mopd.
To check for a vulnerable version, look at the mopProcessDL() function in process.c. If the pfile[] buffer is declared to be 17 bytes, the version is vulnerable.
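The source check described above can be scripted to audit a tree. This is an added example, not code from the advisory or from the mopd project; the sample source is constructed, and a size other than 17 only means the advisory's indicator is absent, not that the build is patched.

```python
import re

# Definition of mopProcessDL(), ANSI or K&R style; prototypes and calls do not match.
FUNC_RE = re.compile(r"\bmopProcessDL\s*\([^)]*\)\s*(?:[^;{}()]+;\s*)*\{")
# pfile[...] following a type name or a comma, as in a declaration.
DECL_RE = re.compile(r"(?:\w\s+|,\s*)pfile\s*\[\s*([^\]]*?)\s*\]")

def strip_comments(src):
    """Drop /* */ and // comments so commented-out declarations are ignored."""
    src = re.sub(r"/\*.*?\*/", " ", src, flags=re.S)
    return re.sub(r"//[^\n]*", " ", src)

def function_body(src, start):
    """Return the text inside the brace pair that opens at index `start`."""
    depth = 0
    for i in range(start, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[start + 1:i]
    return src[start + 1:]  # unbalanced (truncated file): scan what is there

def check_process_c(src):
    """Classify process.c text by the advisory's indicator (pfile[] is 17 bytes)."""
    src = strip_comments(src)
    m = FUNC_RE.search(src)
    if not m:
        return "unknown: mopProcessDL() not found"
    d = DECL_RE.search(function_body(src, m.end() - 1))
    if not d:
        return "unknown: no pfile[] declaration in mopProcessDL()"
    size = d.group(1)
    if not size.isdigit():
        return f"unknown: pfile[] size is '{size}', resolve it by hand"
    if int(size) == 17:
        return "vulnerable: pfile[] is 17 bytes"
    return f"indicator absent: pfile[] is {size} bytes"

# Constructed sample input (not the real mopd source).
SAMPLE_17 = """void mopProcessDL(fd, ii, pkt)
    FILE *fd; struct if_info *ii; u_char *pkt;
{
    /* char pfile[129]; */
    u_char pfile[17], mopcode;
    if (mopcode) { pfile[0] = 0; }
}"""

print(check_process_c(SAMPLE_17))
```

To audit a real tree, pass the contents of its process.c to `check_process_c()`.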
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent inform
Solution / Fix
NetBSD NetBSD 1.4.1 Alpha
NetBSD NetBSD 1.4.1 x86
NetBSD NetBSD 1.4.1 arm32
NetBSD NetBSD 1.4.1 SPARC
NetBSD NetBSD 1.4.2 x86
NetBSD NetBSD 1.4.2 arm32
NetBSD NetBSD 1.4.2 Alpha
NetBSD NetBSD 1.4.2 SPARC
OpenBSD OpenBSD 2.4
- OpenBSD 018_mopd.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/018_mopd.patch
OpenBSD OpenBSD 2.6
- OpenBSD 018_mopd.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/018_mopd.patch
OpenBSD OpenBSD 2.7
- OpenBSD 018_mopd.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/018_mopd.patch
Redhat PowerTools 6.2
- Red Hat Inc. 6.2 alpha mopd-linux-2.5.3-15.alpha.rpm
  ftp://updates.redhat.com/powertools/6.2/alpha/mopd-linux-2.5.3-15.alpha.rpm
- Red Hat Inc. 6.2 i386 mopd-linux-2.5.3-15.i386.rpm
  ftp://updates.redhat.com/powertools/6.2/i386/mopd-linux-2.5.3-15.i386.rpm
- Red Hat Inc. 6.2 sparc mopd-linux-2.5.3-15.sparc.rpm
  ftp://updates.redhat.com/powertools/6.2/sparc/mopd-linux-2.5.3-15.sparc.rpm
References
- NetBSD Security Page (NetBSD)
- OpenBSD Security Information (OpenBSD)
- Updates, Fixes, and Errata Page (RedHat)