4690 – network root vulnerability in am-utils

Bug 4690 - network root vulnerability in am-utils

Summary: network root vulnerability in am-utils

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	am-utils
Sub Component:
Version:	6.0
Hardware:	All
OS:	Linux
Priority:	high
Severity:	medium
Target Milestone:	---
Assignee:	David Lawrence
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	1999-08-24 19:09 UTC by nessus
Modified:	2008-05-01 15:37 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	1999-08-30 19:37:22 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description nessus 1999-08-24 19:09:09 UTC

Our RedHat 6.0 are currently being broken into by Serbian
crackers apparently using a vulnerability in am-utils.
/var/log/messages clearly shows attempts to overrun a
buffer in amq.  The am-utils developers claim that snapshot
6.0.1s10 probably fixes the vulnerability, and also asks to
make sure that RedHat does NOT compile am-utils with the
--enable-amq-mount option enabled.

Comment 1 Cristian Gafton 1999-08-30 19:37:59 UTC

released fixed packages to the errata and the world at large.

Note You need to log in before you can comment on or make changes to this bug.