Bug 4690 - network root vulnerability in am-utils
Summary: network root vulnerability in am-utils
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: am-utils
Version: 6.0
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: David Lawrence
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-08-24 19:09 UTC by nessus
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 1999-08-30 19:37:22 UTC
Embargoed:


Attachments (Terms of Use)

Description nessus 1999-08-24 19:09:09 UTC
Our RedHat 6.0 are currently being broken into by Serbian
crackers apparently using a vulnerability in am-utils.
/var/log/messages clearly shows attempts to overrun a
buffer in amq.  The am-utils developers claim that snapshot
6.0.1s10 probably fixes the vulnerability, and also asks to
make sure that RedHat does NOT compile am-utils with the
--enable-amq-mount option enabled.

Comment 1 Cristian Gafton 1999-08-30 19:37:59 UTC
released fixed packages to the errata and the world at large.


Note You need to log in before you can comment on or make changes to this bug.