
[linux-security] possibly remote root exploit in nfs-utils



Topic
=====
possibly remote root exploit in nfs-utils package

Problem Description
===================
The nfs-utils package provides a daemon for the kernel NFS server and
related tools.
The logging code in nfs-utils contains an off-by-one buffer overrun
when adding a newline to the string being logged.  This vulnerability
may allow an attacker to execute arbitrary code or cause a denial of
service condition by sending certain RPC requests.
Upgrading to fixed versions immediately is strongly recommended!
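
The class of bug described above, shown as an added illustration that is constructed for this page and is not the nfs-utils source: a logger that formats into a fixed buffer and then appends a newline must reserve a byte for it. The names `naive_nul_index` and `log_format_line` are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>

/* Constructed illustration; names are hypothetical, not nfs-utils code.
 * Naive pattern: vsnprintf(buf, size, ...) then buf[len] = '\n' and
 * buf[len + 1] = '\0'. vsnprintf keeps at most size-1 characters, so for a
 * message that fills the buffer the NUL goes to index size, one byte past
 * the end. The index is computed here, never written (size >= 1 assumed). */
size_t naive_nul_index(size_t size, size_t msg_len)
{
    size_t stored = msg_len < size - 1 ? msg_len : size - 1;
    return stored + 1;
}

/* Hardened form: format into size-1 bytes so a byte is always reserved for
 * the newline. Returns the length of the line, newline included. */
size_t log_format_line(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    size_t len;
    int n;

    if (size < 2) {              /* no room for "\n" plus NUL */
        if (size == 1)
            buf[0] = '\0';
        return 0;
    }
    va_start(ap, fmt);
    n = vsnprintf(buf, size - 1, fmt, ap);  /* at most size-2 characters */
    va_end(ap);
    if (n < 0)
        n = 0;                   /* encoding error: log an empty line */
    len = (size_t)n < size - 2 ? (size_t)n : size - 2;
    buf[len++] = '\n';           /* highest index used: size-2 */
    buf[len] = '\0';             /* highest index used: size-1 */
    return len;
}

int main(void)
{
    char buf[16];
    size_t n = log_format_line(buf, sizeof buf, "%s", "request from host.example.test");
    printf("naive NUL index: %zu of %zu\n", naive_nul_index(sizeof buf, 30), sizeof buf);
    printf("safe line length: %zu, ends in newline: %d\n", n, buf[n - 1] == '\n');
    return 0;
}
```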

Affected Versions
=================
nfs-utils version 1.0.3 and earlier

Solution
========
Upgrade to version 1.0.4 (or the patched version for your distribution):

RedHat 7.1
----------
rpm -Fvh nfs-utils-0.3.1-6.71.i386.rpm

RedHat 7.2
----------
rpm -Fvh nfs-utils-0.3.1-14.72.i386.rpm

RedHat 7.3
----------
rpm -Fvh nfs-utils-0.3.3-6.73.i386.rpm

RedHat 8.0
----------
rpm -Fvh nfs-utils-1.0.1-2.80.i386.rpm

RedHat 9
--------
rpm -Fvh nfs-utils-1.0.1-3.9.i386.rpm

Debian 3.0 (woody)
------------------
upgrade to nfs-common_1.0-2woody1_i386.deb,
           nfs-kernel-server_1.0-2woody1_i386.deb,
           nhfsstone_1.0-2woody1_i386.deb