[Please upgrade if you're using Slackware. Most other distributions appear not to be vulnerable. However, if you're using some funky distribution please do a search for ``fdmount'' at securityfocus.com -- Raju]
---------- Forwarded message ----------
Date: Thu, 25 May 2000 17:12:46 -0700 (PDT)
From: Slackware Security Team <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Buffer Overflow in fdmount

fdmount vulnerability
---------------------

The fdmount program shipped with Slackware has been shown to be vulnerable to a buffer overflow exploit. A user must be in the "floppy" group to execute fdmount, but because fdmount is suid root this is a security problem.

A patched fdmount which replaces the offending sprintf() call with a vsnprintf() (thus closing the hole and eliminating the security risk) has been posted in an updated floppy.tgz package in Slackware-current. Please download the new floppy.tgz and run upgradepkg on it.

ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/a1/floppy.tgz

- Slackware Security Team
  [EMAIL PROTECTED]
-----------------------------------------------------------------------
For more information on the LIH mailing list see:
http://lists.linux-india.org/lists/LIH
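The class of fix the advisory describes, an unbounded formatted write replaced by vsnprintf(), shown as an added example; this is not fdmount's source and not part of the original advisory. The function names, buffer size and message text are constructed for illustration, and vsprintf() stands in for the unbounded call inside a variadic wrapper.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_CAP 32   /* constructed buffer size for this demo */

/* Unbounded pattern: writes as many bytes as the expanded format needs,
 * so a caller-influenced argument can run past the end of dst. */
int fmt_unbounded(char *dst, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsprintf(dst, fmt, ap);
    va_end(ap);
    return n;
}

/* Bounded pattern: never writes more than cap bytes, NUL included.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
int fmt_bounded(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    if (cap == 0) return -1;
    va_start(ap, fmt);
    int n = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);
    if (n < 0) { dst[0] = '\0'; return -1; }
    return (size_t)n >= cap ? 1 : 0;
}

/* Formats an over-long name into buf and checks the bytes after it.
 * Returns 1 only if output was truncated and the guard is untouched. */
int bounded_keeps_guard(size_t name_len)
{
    struct { char buf[MSG_CAP]; char guard[8]; } s;
    char name[256];
    if (name_len >= sizeof name) name_len = sizeof name - 1;
    memset(name, 'A', name_len);
    name[name_len] = '\0';
    memset(s.guard, 0x5A, sizeof s.guard);
    int rc = fmt_bounded(s.buf, sizeof s.buf, "Can't access %s", name);
    for (size_t i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0x5A) return 0;
    return rc == 1 && strlen(s.buf) == (size_t)(MSG_CAP - 1);
}

int main(void)
{
    printf("guard intact after 200-byte name: %d\n", bounded_keeps_guard(200));
    return 0;
}
```

Callers of the bounded form should treat a return of 1 as an error rather than using the truncated message as if it were complete.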
