amd buffer overflow
CVE-1999-0704
Impact
A vulnerability in some versions of amd could allow a remote
attacker to execute arbitrary commands with root privileges.
Background
The Berkeley Automounter Daemon (amd) is a service which
automatically mounts file systems in response to attempts to access
files which reside on those systems.
The Problem
Due to a buffer overflow condition in the logging facility of
amd, it is possible for an attacker to execute arbitrary commands
on the system.
Since amd is usually installed as root, the arbitrary
commands are executed with root privileges. amd running on
Linux, FreeBSD, BSD/OS, or any system using the am-utils
package may be vulnerable. Most other versions are not.
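The page gives no source code, so the following is an added illustration of this class of bug and its usual fix, not amd's own code: a logging routine that formats into a fixed buffer with an explicit bound. The names `safe_log`, `log_request`, `last_msg` and `LOG_BUF` and the sample inputs are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF 64              /* constructed size, kept small for the demo */
static char last_msg[LOG_BUF];  /* hypothetical fixed log buffer */

/*
 * Unsafe pattern (shown only as a comment): the number of bytes written
 * is decided by the input, not by the buffer.
 *     vsprintf(last_msg, fmt, ap);
 *
 * Bounded form: vsnprintf never writes more than sizeof last_msg bytes.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on format error.
 */
static int safe_log(const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(last_msg, sizeof last_msg, fmt, ap);
    va_end(ap);
    if (n < 0) {
        last_msg[0] = '\0';
        return -1;
    }
    if ((size_t)n >= sizeof last_msg) {
        /* Make truncation visible in the log instead of hiding it. */
        memcpy(last_msg + sizeof last_msg - 4, "...", 4);
        return 1;
    }
    return 0;
}

/* Remote-supplied text is passed as data ("%s"), never as the format. */
static int log_request(const char *remote_name)
{
    return safe_log("lookup failed for \"%s\"", remote_name);
}

int main(void)
{
    char big[1001];                      /* constructed oversized input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("%d %s\n", log_request("home"), last_msg);
    printf("%d %s\n", log_request(big), last_msg);
    return 0;
}
```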
Resolution
Install a patch. Check CERT Advisory 99-12 for information about
obtaining patches for your particular operating system. If you do
not wish to install a patch, disable amd, but beware that disabling
amd could prevent your system from operating normally.
Where can I read more about this?
More about this vulnerability can be found in CERT Advisory 99-12.