Caldera Systems Security Advisory: Buffer overflow in mount/umount | Linux Today

Caldera Systems Security Advisory: Buffer overflow in mount/umount

Written By
Web Webster
Web Webster
Feb 14, 2000

[ Note: We apologize for being late in bringing you this
security advisory. lt-ed. ]

Caldera Systems, Inc. Security Advisory

Subject: Buffer overflow in mount/umount
Advisory number: CSSA-2000-002.0
Issue date: 2000 February, 3
Cross reference:


1. Problem Description

A buffer overflow has been found in the mount and umount
commands, which are setuid root on Caldera OpenLinux. The overflow
does not appear to be exploitable easily (if at all), but we advise
you to upgrade to the fixed package nevertheless.

2. Vulnerable Versions

   System                       Package

   OpenLinux Desktop 2.3        All packages previous to
                                util-linux-2.9s-5

   OpenLinux eServer 2.3        All packages previous to
                                util-linux-2.9s-5S

3. Solution

Workaround:

If you do not need the user mount feature supported by mount and
umount (which lets any user mount and unmount file systems marked
with the “user” keyword in /etc/fstab), you can simply remove the
setuid bit from both commands:

chmod u-s /bin/mount /bin/umount

The proper solution is to upgrade to the fixed packages.

4. OpenLinux Desktop 2.3

4.1 Location of Fixed Packages

The upgrade packages can be found on Caldera’s FTP site at:


ftp://ftp.calderasystems.com/pub/openlinux/updates/2.3/current/RPMS/

The corresponding source code package can be found at:


ftp://ftp.calderaystems.com/pub/openlinux/updates/2.3/current/SRPMS

4.2 Verification

a205c83972e14b748401341387c6bfbc
RPMS/util-linux-2.9s-5.i386.rpm
4d84c71dcb533bd8d97000138199da71
SRPMS/util-linux-2.9s-5.src.rpm

4.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -F util-linux-2.9s-5.i386.rpm

5. OpenLinux eServer 2.3

4.1 Location of Fixed Packages

The upgrade packages can be found on Caldera’s FTP site at:


ftp://ftp.calderasystems.com/pub/eServer/updates/2.3/current/RPMS/

The corresponding source code package can be found at:


ftp://ftp.calderaystems.com/pub/eServer/updates/2.3/current/SRPMS

4.2 Verification

4a8f8941df47c90e77f1b5d232bfffa0
RPMS/util-linux-2.9s-5S.i386.rpm
292a86f1ad9e5aca120abfdda101c319
SRPMS/util-linux-2.9s-5S.src.rpm

4.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -F util-linux-2.9s-5S.i386.rpm

6. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

7. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any
of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera
OpenLinux.

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.