NetWinder security advisory
ID: 2000-002
Issued: 2000-Feb-28
Updated: 2000-Apr-27
Package: dump
Summary: Buffer overflow in dump
Category: Buffer overflow
Severity: Medium (local root compromise)
Products: Developer dm-3.1-15 and earlier; OfficeServer os-1.5-4 and earlier

DESCRIPTION

An exploitable stack overrun has been found in the "dump" package. The "dump" utility can be run by any user to selectively create and restore backups to various media. In order to accomplish this, "dump" is installed setuid and setgid to root. "dump" is susceptible to a stack exploit if passed the -f flag followed by an oversized filename. The return address on the stack may be overwritten to point at user-specified code, which then runs with the effective gid of the process (gid of root).
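
The bug class described above, shown as an added illustration that is not taken from the dump source or from this advisory: an unchecked copy of the -f argument into a fixed stack buffer, next to a form that rejects an oversized name. The function names, the 64-byte TAPE_MAX and the simplified "-f <name>" parsing are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define TAPE_MAX 64   /* assumed buffer size, for illustration only */

/* Unsafe pattern: no length check, so a long -f argument is written
 * past buf and over the saved return address. Never called below. */
size_t open_tape_unsafe(const char *arg)
{
    char buf[TAPE_MAX];
    strcpy(buf, arg);
    return strlen(buf);
}

/* Hardened form: refuse an oversized name instead of truncating it,
 * because a silently shortened path would send the backup elsewhere.
 * Returns 0 on success, -1 if arg is missing, empty or does not fit. */
int copy_tape_name(char *dst, size_t dstsz, const char *arg)
{
    size_t n;
    if (dst == NULL || dstsz == 0 || arg == NULL)
        return -1;
    n = strlen(arg);
    if (n == 0 || n >= dstsz)
        return -1;
    memcpy(dst, arg, n + 1);   /* n + 1 copies the terminating NUL */
    return 0;
}

/* Find "-f <name>" in argv and validate the name. Returns 0 if it was
 * accepted, -1 if -f is absent, has no value, or the value is too long. */
int parse_f_option(int argc, char **argv, char *dst, size_t dstsz)
{
    int i;
    for (i = 1; i < argc; i++)
        if (strcmp(argv[i], "-f") == 0)
            return (i + 1 < argc) ? copy_tape_name(dst, dstsz, argv[i + 1]) : -1;
    return -1;
}

int main(int argc, char **argv)
{
    char tape[TAPE_MAX];
    if (parse_f_option(argc, argv, tape, sizeof tape) != 0) {
        fprintf(stderr, "usage: %s -f <file> (under %d bytes)\n", argv[0], TAPE_MAX);
        return 1;
    }
    printf("output: %s\n", tape);
    return 0;
}
```

In a setuid or setgid program the length check has to happen before any copy, since the argument is fully controlled by the unprivileged caller.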

SOLUTION

Download the following RPM packages to the NetWinder into a temporary directory, then install them with the command "rpm -Uvh *.rpm". Be sure there are no other files ending in ".rpm" in the temporary directory. See http://www.netwinder.org/security/install.html for more help.

Required packages

http://www.netwinder.org/updates/3.1-15/armv4l/dump-0.4b15-2.armv4l.rpm
http://www.netwinder.org/updates/3.1-15/armv4l/rmt-0.4b15-2.armv4l.rpm

Optional packages

http://www.netwinder.org/updates/3.1-15/armv4l/dump-static-0.4b15-2.armv4l.rpm
http://www.netwinder.org/updates/3.1-15/SRPMS/dump-0.4b15-2.src.rpm

REFERENCES

BugTraq (KimYongJun) http://www.securityfocus.com/vdb/bottom.html?vid=1020