Multiple Vendor "dump" Buffer Overflow Vulnerability

Solution:
A work-around is to remove the setuid and setgid permissions from the file.

KimYongJun <s96192@ce.hannam.ac.kr> included the following patch in his post to BugTraq on February 28, 2000:

[root@loveyou SOURCES]# diff -ru dump-0.4b13/dump/main_orig.c dump-0.4b13/dump/main.c
--- dump-0.4b13/dump/main_orig.c Mon Feb 28 14:40:01 2000
+++ dump-0.4b13/dump/main.c Mon Feb 28 14:40:57 2000
@@ -273,6 +273,9 @@
exit(X_STARTUP);
}
disk = *argv++;
+ if ( strlen(disk) > 255 )
+ exit(X_STARTUP);
+
argc--;
if (argc >= 1) {
(void)fprintf(stderr, "Unknown arguments to dump:");

Fixes are available for TurboLInux at:
ftp://ftp.turbolinux.com/pub/updates/6.0/security/dump-0.4b16-1.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/SRPMS/dump-0.4b16-1.src.rpm

Fixes are available for Connectiva Linux at:
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/rmt-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/rmt-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/rmt-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/rmt-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/rmt-0.4b18-1cl.i386.rpm



 

Privacy Statement
Copyright 2010, SecurityFocus