[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Buffer Overflow in amd

Title: Buffer Overflow in amd
Released by: CERT
Date: 16th September 1999
Printable version: Click here

Hash: SHA1

CERT Advisory CA-99-12 Buffer Overflow in amd

   Original release date: September 16, 1999

   Last revised: --

   Source: CERT/CC


   A complete revision history is at the end of this file.


Systems Affected

     * Systems running amd, the Berkeley Automounter Daemon


I. Description

   There is a buffer overflow vulnerability in the logging facility of

   the amd daemon.


   This daemon automatically mounts file systems in response to attempts

   to access files that reside on those file systems. Similar

   functionality on some systems is provided by a daemon named



   Systems that include automounter daemons based on BSD 4.x source code

   may also be vulnerable. A vulnerable implementation of amd is included

   in the am-utils package, provided with many Linux distributions.


II. Impact

   Remote intruders can execute arbitrary code as the user running the

   amd daemon (usually root).


III. Solution

Install a patch from your vendor

   Appendix A contains information provided by vendors for this advisory.

   We will update the appendix as we receive more information. If you do

   not see your vendor's name, the CERT/CC did not hear from that vendor.

   Please contact your vendor directly.


   We will update this advisory as more information becomes available.

   Please check the CERT/CC Web site for the most current revision.


Disable amd

   If you are unable to apply a patch for this problem, you can disable

   the amd daemon to prevent this vulnerability from being exploited.

   Disabling amd may prevent your system from operating normally.


Appendix A. Vendor Information


   BSD/OS 4.0.1 and 3.1 are both vulnerable to this problem if amd has

   been configured. The amd daemon is not started if it has not been

   configured locally. Mods (M410-017 for 4.0.1 and M310-057) are

   available via ftp from http://ftp.bsdi.com/bsdi/patches or via our web

   site at http://www.bsdi.com/support/patches


Compaq Computer Corporation

   Not vulnerable


Data General

   DG/UX is not vulnerable to this problem.


Erez Zadok (am-utils maintainer)

   The latest stable version of am-utils includes several important

   security fixes. To retrieve it, use anonymous ftp for the following





   The MD5 checksum of the am-utils-6.0.1.tar.gz archive is


   MD5 (am-utils-6.0.1.tar.gz) = ac33a4394d30efb4ca47880cc5703999


   The simplest instructions to build, install, and run am-utils are as


    1. Retrieve the package via FTP.

    2. Unpack it:

       $ gunzip am-utils-6.0.1.tar.gz

       $ tar xf am-utils-6.0.1.tar

       If you have GNU tar and gunzip, you can issue a single command:

       $ tar xzf am-utils-6.0.1.tar.gz

    3. Build it:

       $ cd am-utils-6.0.1

       $ ./buildall

       This would configure and build am-utils for installation in

       /usr/local. If you built am-utils in the past using a different

       procedure, you may repeat that procedure instead. For example, to

       build am-utils using shared libraries and to enable debugging, use


       $ ./buildall -Ds -b


       $ ./configure --enable-debug=yes --enable-shared --disable-static

       You may run "./configure --help" to get a full list of available

       options. You may run "./buildall -H" to get a full list of options

       it offers. The buildall script is a simple wrapper script that

       configures and builds am-utils for the most common desired


    4. Install it:

       $ make install

       This would install the programs, scripts, libraries, manual pages,

       and info pages in /usr/local/{sbin,bin,lib,man,info}, etc.

    5. Run it.

       Assuming you have an Amd configuration file in /etc/amd.conf, you

       can simply run:

       $ /usr/local/sbin/ctl-amd restart

       That will stop the older running Amd, and start a new one. If you

       use a different Amd start-up script, you may use it instead.



   Please see the FreeBSD advisory at





   for information on patches for this problem.



   This vulnerability is still under investigation by Fujitsu.


Hewlett-Packard Company

   HP is not vulnerable.


IBM Corporation

   AIX is not vulnerable. It does not ship the am-utils package.



   OpenBSD is not vulnerable.


RedHat Inc.

   RedHat has released a security advisory on this topic. It is available

   from our ftp server at:




SCO Unix

   No SCO products are vulnerable.



   SGI does not distribute am-utils in either IRIX or UNICOS operating



Sun Microsystems, Inc.

   SunOS - All versions are not vulnerable.


   Solaris - All versions are not vulnerable.



   The CERT Coordination Center would like to thank Erez Zadok, the

   maintainer of the am-utils package, for his assistance in preparing

   this advisory.



   This document is available from:




CERT/CC Contact Information

   Email: cert@cert.org

          Phone: +1 412-268-7090 (24-hour hotline)

          Fax: +1 412-268-6989

          Postal address:

          CERT Coordination Center

          Software Engineering Institute

          Carnegie Mellon University

          Pittsburgh PA 15213-3890



   CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4)

   Monday through Friday; they are on call for emergencies during other

   hours, on U.S. holidays, and on weekends.


Using encryption

   We strongly urge you to encrypt sensitive information sent by email.

   Our public PGP key is available from




   If you prefer to use DES, please call the CERT hotline for more



Getting security information

   CERT publications and other security information are available from

   our web site




   To be added to our mailing list for advisories and bulletins, send

   email to cert-advisory-request@cert.org and include SUBSCRIBE

   your-email-address in the subject of your message.


   Copyright 1999 Carnegie Mellon University.

   Conditions for use, disclaimers, and sponsorship information can be

   found in




   * "CERT" and "CERT Coordination Center" are registered in the U.S.

   Patent and Trademark Office.




   Any material furnished by Carnegie Mellon University and the Software

   Engineering Institute is furnished on an "as is" basis. Carnegie

   Mellon University makes no warranties of any kind, either expressed or

   implied as to any matter including, but not limited to, warranty of

   fitness for a particular purpose or merchantability, exclusivity or

   results obtained from use of the material. Carnegie Mellon University

   does not make any warranty of any kind with respect to freedom from

   patent, trademark, or copyright infringement.



   Revision History

Sep 16, 1999:  Initial release


Version: PGP for Personal Privacy 5.0

Charset: noconv





(C) 1999-2000 All rights reserved.