mntd Lack of Input Validation in Reading Configuration File May Let Local Users Execute Commands
|
|
SecurityTracker Alert ID: 1011088
|
|
SecurityTracker URL: http://securitytracker.com/id?1011088
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Aug 30 2004
|
Impact: Execution of arbitrary code via local system, User access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 0.4.2
|
Description: A vulnerability was reported in mntd. A local user may be able to gain elevated privileges.
The vendor reported that the software does not properly escape remount options read in from the configuration file. A local user
may be able to modify the configuration file to include specially crafted commands. Then, when the configuration file is processed
by mntd, the commands may be executed with the privileges of the mntd process.
The flaw resides in mntd/mntd_mount.c
|
Impact: A local user may be able to gain the privileges of the mntd process.
|
Solution: The vendor has issued a fixed version (0.4.2), available at:
http://prdownloads.sourceforge.net/mntd/mntd-0.4.2.tar.gz?download
http://prdownloads.sourceforge.net/mntd/mntd-0.4.2-ebuild.tar.gz?download
|
Vendor URL: mntd.bambach.biz/ (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Aug 30, 2004
Subject: mntd 0.4.2
|
mntd 0.4.2
> A security fix was added that will escape options from the config file.
|
|
