"Alexander O. Yuriev" <[EMAIL PROTECTED]> writes: > I trust you are all aware of the information released to > bugtraq/linux-security and linux-alert mailing lists about the vulnerability > of mount/umount utilities in Linux. > I'd really appreciate if you provide some official information on > your distribution specific fixes for the upcoming Linux Security FAQ > Update...
Here's the note we sent out yesterday: Recently a security hole was found in the mount program that comes with many Linux distributions, including Red Hat Linux. mount and umount are normally installed setUID root to allow users to perform mount and unmount operations. Unfortunately, they do not check the length of the information passed to them, creating a buffer overflow problem. For more details, visit the BugTraq mailing-list archives at http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html This hole allows anyone with an account on a system to obtain root access. Affected systems: - All systems running all versions of Red Hat Linux. Users of versions of Red Hat less than 3.0.3 are advised to upgrade to 3.0.3, since many other problems are fixed in the upgrade. If you are running: * Red Hat Linux 3.0.3 (Picasso) on the Intel architecture, get - ftp://ftp.redhat.com/pub/redhat/redhat-3.0.3/i386/updates/RPMS/ util-linux-2.5-11fix.i386.rpm mount-2.5k-1.i386.rpm And install them in that order using 'rpm -Uvh [rpm filename]' * Red Hat Linux 3.0.3 (Picasso) on the Intel architecture, get - ftp://ftp.redhat.com/pub/redhat/redhat-3.0.3/axp/updates/RPMS/ util-linux-2.5-11fix.axp.rpm mount-2.5k-1.axp.rpm And install them in that order using 'rpm -Uvh [rpm filename]' * Red Hat Linux 3.0.4 (Rembrandt) beta on the Intel, get - ftp://ftp.redhat.com/pub/redhat/rembrandt/i386/updates/RPMS/ mount-2.5k-2.i386.rpm * Red Hat Linux 3.0.4 (Rembrandt) beta on the Sparc, get - ftp://ftp.redhat.com/pub/redhat/rembrandt/sparc/updates/RPMS/ mount-2.5k-2.sparc.rpm [Aside: There is no difference between mount-2.5k-1 and -2 except the package format.] All RPMs are PGP-signed with the [EMAIL PROTECTED] key. The source RPMs will be available in the normal locations. MD5SUM's: ad9b0628b6af9957d7b5eb720bbe632b mount-2.5k-1.axp.rpm 12cb19ec4b3060f8d1cedff77bda7c05 util-linux-2.5-11fix.axp.rpm 26506a3c0066b8954d80deff152e0229 mount-2.5k-1.i386.rpm f48c6bf901dd5d2c476657d6b75b12a5 util-linux-2.5-11fix.i386.rpm 7337f8796318f3b13f2dccb4a8f10b1a mount-2.5k-2.i386.rpm e68ff642a7536f3be4da83eedc14dd76 mount-2.5k-2.sparc.rpm Thanks to Bloodmask, Vio, and others on the BugTraq list for discovering this hole and providing patches.
