Subject: Re: CERT Advisory CA-99.12 - Buffer Overflow in amd
To: None <netbsd-help@netbsd.org>
From: Claude Marinier <marinier@dreo.dnd.ca>
List: netbsd-help
Date: 09/17/1999 08:18:51

Are we vulnerable?

--------------------
Claude Marinier, Information Technology Group    claude.marinier@dreo.dnd.ca 
Defence Research Establishment Ottawa (DREO)    (613) 998-4901  FAX 998-2675
3701 Carling Avenue, Ottawa, Ontario  K1A 0Z4         http://www.dreo.dnd.ca

---------- Forwarded message ----------
Date: Thu, 16 Sep 1999 16:12:55 -0400
From: CERT Advisory <cert-advisory@cert.org>
Subject: CERT Advisory CA-99.12 - Buffer Overflow in amd

-----BEGIN PGP SIGNED MESSAGE-----

CERT Advisory CA-99-12 Buffer Overflow in amd

   Original release date: September 16, 1999
   Last revised: --
   Source: CERT/CC
   
   A complete revision history is at the end of this file.
   
Systems Affected

     * Systems running amd, the Berkeley Automounter Daemon
       
I. Description

   There is a buffer overflow vulnerability in the logging facility of
   the amd daemon.
   
   This daemon automatically mounts file systems in response to attempts
   to access files that reside on those file systems. Similar
   functionality on some systems is provided by a daemon named
   automountd.
   
   Systems that include automounter daemons based on BSD 4.x source code
   may also be vulnerable. A vulnerable implementation of amd is included
   in the am-utils package, provided with many Linux distributions.
   
II. Impact

   Remote intruders can execute arbitrary code as the user running the
   amd daemon (usually root).
   
III. Solution

Install a patch from your vendor

Disable amd