• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Multiple Linux Vendor fdmount Buffer Overflow Vulnerability

Severity: MODERATE

Description:

A buffer overflow exists in the 0.8 version of the fdmount program, distributed with a number of popular versions of Linux. By supplying a large, well crafted buffer containing machine executable code in place of the mount point, it is possible for users in the 'floppy' group to execute arbitrary commands as root.

This vulnerability exists in versions of S.u.S.E., 4.0 and later, as well as Mandrake Linux 7.0. TurboLinux 6.0 and earlier ships with fdmount suid root, but users are not automatically added to the 'floppy' group. This list is by no means meant to be complete; other Linux distributions may be affected. To check if you're affected, check for the presence of the setuid bit on the binary. If it is present, and the binary is either world executable, or group 'floppy' executable, you are affected and should take action immediately.

Affected Products:

• S.u.S.E. Linux 4.2.0
• S.u.S.E. Linux 4.3.0
• S.u.S.E. Linux 4.4.0
• S.u.S.E. Linux 4.4.1
• S.u.S.E. Linux 5.0.0
• S.u.S.E. Linux 5.1.0
• S.u.S.E. Linux 5.2.0
• S.u.S.E. Linux 5.3.0
• S.u.S.E. Linux 6.0.0
• S.u.S.E. Linux 6.1.0
• S.u.S.E. Linux 6.2.0
• S.u.S.E. Linux 6.3.0
• S.u.S.E. Linux 6.4.0
• S.u.S.E. Linux 7.0.0
• Slackware Linux 3.3.0
• Slackware Linux 3.4.0
• Slackware Linux 3.5.0
• Slackware Linux 3.6.0
• Slackware Linux 3.9.0
• Slackware Linux 4.0.0
• Slackware OpenLinux 7.0.0
• Turbolinux Turbolinux 6.0.0
• Turbolinux Turbolinux 6.0.1
• Turbolinux Turbolinux 6.0.2

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.