Copyright 2024 - CSIM - Asian Institute of Technology

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

-----BEGIN PGP SIGNED MESSAGE-----

CERT Advisory CA-99-12 Buffer Overflow in amd

   Original release date: September 16, 1999
   Last revised: --
   Source: CERT/CC
   
   A complete revision history is at the end of this file.
   
Systems Affected

     * Systems running amd, the Berkeley Automounter Daemon
       
I. Description

   There is a buffer overflow vulnerability in the logging facility of
   the amd daemon.
   
   This daemon automatically mounts file systems in response to attempts
   to access files that reside on those file systems. Similar
   functionality on some systems is provided by a daemon named
   automountd.
   
   Systems that include automounter daemons based on BSD 4.x source code
   may also be vulnerable. A vulnerable implementation of amd is included
   in the am-utils package, provided with many Linux distributions.
   
II. Impact

   Remote intruders can execute arbitrary code as the user running the
   amd daemon (usually root).
   
III. Solution

Install a patch from your vendor

   Appendix A contains information provided by vendors for this advisory.
   We will update the appendix as we receive more information. If you do
   not see your vendor's name, the CERT/CC did not hear from that vendor.
   Please contact your vendor directly.
   
   We will update this advisory as more information becomes available.
   Please check the CERT/CC Web site for the most current revision.
   
Disable amd

   If you are unable to apply a patch for this problem, you can disable
   the amd daemon to prevent this vulnerability from being exploited.
   Disabling amd may prevent your system from operating normally.
   
Appendix A. Vendor Information

BSDI

   BSD/OS 4.0.1 and 3.1 are both vulnerable to this problem if amd has
   been configured. The amd daemon is not started if it has not been
   configured locally. Mods (M410-017 for 4.0.1 and M310-057) are
   available via ftp from ftp://ftp.bsdi.com/bsdi/patches or via our web
   site at http://www.bsdi.com/support/patches
   
Compaq Computer Corporation

   Not vulnerable
   
Data General

   DG/UX is not vulnerable to this problem.
   
Erez Zadok (am-utils maintainer)

   The latest stable version of am-utils includes several important
   security fixes. To retrieve it, use anonymous ftp for the following
   URL
   
   ftp://shekel.mcl.cs.columbia.edu/pub/am-utils/
          
   The MD5 checksum of the am-utils-6.0.1.tar.gz archive is
   
   MD5 (am-utils-6.0.1.tar.gz) = ac33a4394d30efb4ca47880cc5703999
          
   The simplest instructions to build, install, and run am-utils are as
   follows:
    1. Retrieve the package via FTP.
    2. Unpack it:
       $ gunzip am-utils-6.0.1.tar.gz
       $ tar xf am-utils-6.0.1.tar
       If you have GNU tar and gunzip, you can issue a single command:
       $ tar xzf am-utils-6.0.1.tar.gz
    3. Build it:
       $ cd am-utils-6.0.1
       $ ./buildall
       This would configure and build am-utils for installation in
       /usr/local. If you built am-utils in the past using a different
       procedure, you may repeat that procedure instead. For example, to
       build am-utils using shared libraries and to enable debugging, use
       either:
       $ ./buildall -Ds -b
       or
       $ ./configure --enable-debug=yes --enable-shared --disable-static
       You may run "./configure --help" to get a full list of available
       options. You may run "./buildall -H" to get a full list of options
       it offers. The buildall script is a simple wrapper script that
       configures and builds am-utils for the most common desired
       configurations.
    4. Install it:
       $ make install
       This would install the programs, scripts, libraries, manual pages,
       and info pages in /usr/local/{sbin,bin,lib,man,info}, etc.
    5. Run it.
       Assuming you have an Amd configuration file in /etc/amd.conf, you
       can simply run:
       $ /usr/local/sbin/ctl-amd restart
       That will stop the older running Amd, and start a new one. If you
       use a different Amd start-up script, you may use it instead.
       
FreeBSD

   Please see the FreeBSD advisory at
   
   ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-99:06.amd
          .asc
          
   for information on patches for this problem.
   
Fujitsu

   This vulnerability is still under investigation by Fujitsu.
   
Hewlett-Packard Company

   HP is not vulnerable.
   
IBM Corporation

   AIX is not vulnerable. It does not ship the am-utils package.
   
OpenBSD

   OpenBSD is not vulnerable.
   
RedHat Inc.

   RedHat has released a security advisory on this topic. It is available
   from our ftp server at:
   
   http://www.redhat.com/corp/support/errata/RHSA1999032_O1.html
          
SCO Unix

   No SCO products are vulnerable.
   
SGI

   SGI does not distribute am-utils in either IRIX or UNICOS operating
   systems.
   
Sun Microsystems, Inc.

   SunOS - All versions are not vulnerable.
   
   Solaris - All versions are not vulnerable.
     _________________________________________________________________
   
   The CERT Coordination Center would like to thank Erez Zadok, the
   maintainer of the am-utils package, for his assistance in preparing
   this advisory.
   ______________________________________________________________________
   
   This document is available from:
   http://www.cert.org/advisories/CA-99-12-amd.html
   ______________________________________________________________________
   
CERT/CC Contact Information

   Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
          Phone: +1 412-268-7090 (24-hour hotline)
          Fax: +1 412-268-6989
          Postal address:
          CERT Coordination Center
          Software Engineering Institute
          Carnegie Mellon University
          Pittsburgh PA 15213-3890
          U.S.A.
          
   CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4)
   Monday through Friday; they are on call for emergencies during other
   hours, on U.S. holidays, and on weekends.
   
Using encryption

   We strongly urge you to encrypt sensitive information sent by email.
   Our public PGP key is available from
   
   http://www.cert.org/CERT_PGP.key
       
   If you prefer to use DES, please call the CERT hotline for more
   information.
   
Getting security information

   CERT publications and other security information are available from
   our web site
   
   http://www.cert.org/
       
   To be added to our mailing list for advisories and bulletins, send
   email to This email address is being protected from spambots. You need JavaScript enabled to view it. and include SUBSCRIBE
   your-email-address in the subject of your message.
   
   Copyright 1999 Carnegie Mellon University.
   Conditions for use, disclaimers, and sponsorship information can be
   found in
   
   http://www.cert.org/legal_stuff.html
       
   * "CERT" and "CERT Coordination Center" are registered in the U.S.
   Patent and Trademark Office.
   ______________________________________________________________________
   
   NO WARRANTY
   Any material furnished by Carnegie Mellon University and the Software
   Engineering Institute is furnished on an "as is" basis. Carnegie
   Mellon University makes no warranties of any kind, either expressed or
   implied as to any matter including, but not limited to, warranty of
   fitness for a particular purpose or merchantability, exclusivity or
   results obtained from use of the material. Carnegie Mellon University
   does not make any warranty of any kind with respect to freedom from
   patent, trademark, or copyright infringement.
     _________________________________________________________________
   
   Revision History
Sep 16, 1999:  Initial release

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBN+E6AHVP+x0t4w7BAQHwJQP7B+ghNLVt5h9LGkALYqnL1jBz5557fpmo
6z4ylqHfyHTqXdmjKL89ZhaxkpowvSOTpsAvcWyks+6aRjM0tNeNHc0Omlwt26sW
fULp0NC1QZxoD7sK/9gJXxjulMPobDw/9MGtoKJi/snSwL7T7LDElz/6MrtII+0l
vJ/ECkjL4JQ=
=lGut
-----END PGP SIGNATURE-----


Powered by: MHonArc

Login Form

Search

School of Engineering and technologies     Asian Institute of Technology