|
|
Multiple Vendor "dump" Buffer Overflow Vulnerability
Solution: A work-around is to remove the setuid and setgid permissions from the file. KimYongJun <s96192@ce.hannam.ac.kr> included the following patch in his post to BugTraq on February 28, 2000: [root@loveyou SOURCES]# diff -ru dump-0.4b13/dump/main_orig.c dump-0.4b13/dump/main.c --- dump-0.4b13/dump/main_orig.c Mon Feb 28 14:40:01 2000 +++ dump-0.4b13/dump/main.c Mon Feb 28 14:40:57 2000 @@ -273,6 +273,9 @@ exit(X_STARTUP); } disk = *argv++; + if ( strlen(disk) > 255 ) + exit(X_STARTUP); + argc--; if (argc >= 1) { (void)fprintf(stderr, "Unknown arguments to dump:"); Fixes are available for TurboLInux at: ftp://ftp.turbolinux.com/pub/updates/6.0/security/dump-0.4b16-1.i386.rpm ftp://ftp.turbolinux.com/pub/updates/6.0/SRPMS/dump-0.4b16-1.src.rpm Fixes are available for Connectiva Linux at: ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/dump-0.4b18-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/rmt-0.4b18-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/dump-0.4b18-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/rmt-0.4b18-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/dump-0.4b18-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/rmt-0.4b18-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/dump-0.4b18-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/rmt-0.4b18-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/dump-0.4b18-1cl.i386.rpm ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/rmt-0.4b18-1cl.i386.rpm |
|
Privacy Statement |