|
DESCRIPTION An exploitable stack overrun has been found in the "dump" package. The "dump" utility can be run by any user to selectively create and restore backups to various media. In order to accomplish this, "dump" is installed setuid and setgid to root. "dump" is susceptible to a stack exploit if passed the -f flag followed by an oversized filename. The return address on the stack may be overwritten to point at user-specified code, which then runs with the effective gid of the process (gid of root). SOLUTION Download the following RPM packages to the NetWinder into a temporary
directory, then install them with the command "rpm -Uvh *.rpm". Be sure
there are no other files ending in ".rpm" in the temporary directory. See
http://www.netwinder.org/security/install.html for more help. Required packages http://www.netwinder.org/updates/3.1-15/armv4l/dump-0.4b15-2.armv4l.rpm Optional packages http://www.netwinder.org/updates/3.1-15/armv4l/dump-static-0.4b15-2.armv4l.rpm REFERENCES BugTraq (KimYongJun) http://www.securityfocus.com/vdb/bottom.html?vid=1020 |