[linux-security] possibly remote root exploit in nfs-utils
- To: linux-security
- Subject: [linux-security] possibly remote root exploit in nfs-utils
- From: Martin Siegert <siegert@sfu.ca>
- Date: Mon, 14 Jul 2003 17:51:14 -0700
- User-Agent: Mutt/1.4.1i
Topic
=====
possibly remote root exploit in nfs-utils package
Problem Description
===================
The nfs-utils package provides a daemon for the kernel NFS server and
related tools.
The logging code in nfs-utils contains an off-by-one buffer overrun
when adding a newline to the string being logged. This vulnerability
may allow an attacker to execute arbitrary code or cause a denial of
service condition by sending certain RPC requests.
Upgrading to fixed versions immediately is strongly recommended!
Affected Versions
=================
nfs-utils version 1.0.3 and earlier
Solution
========
Upgrade to version 1.0.4 (or the patched version for your distribution).
RedHat 7.1
----------
rpm -Fvh nfs-utils-0.3.1-6.71.i386.rpm
RedHat 7.2
----------
rpm -Fvh nfs-utils-0.3.1-14.72.i386.rpm
RedHat 7.3
----------
rpm -Fvh nfs-utils-0.3.3-6.73.i386.rpm
RedHat 8.0
----------
rpm -Fvh nfs-utils-1.0.1-2.80.i386.rpm
RedHat 9
--------
rpm -Fvh nfs-utils-1.0.1-3.9.i386.rpm
Debian 3.0 (woody)
------------------
Upgrade to nfs-common_1.0-2woody1_i386.deb,
nfs-kernel-server_1.0-2woody1_i386.deb,
nhfsstone_1.0-2woody1_i386.deb
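
The off-by-one described under Problem Description, as an added illustration that is not part of the original advisory and is not the nfs-utils source: a newline-append routine with no room check beside a corrected one. All names, the 16-byte buffer size and the guard byte are assumptions made for the demonstration; the backing array is one byte larger than the logical buffer so the stray write is observable without touching unrelated memory.

```c
#include <stdio.h>
#include <string.h>

#define LOGBUF 16     /* logical buffer size (constructed, small for the demo) */
#define CANARY 0x5A   /* guard byte stored immediately after the buffer */

/* Flawed pattern: appends '\n' and '\0' without checking for room. */
static void add_newline_flawed(char *buf, size_t size)
{
    size_t n;
    buf[size - 1] = '\0';
    n = strlen(buf);
    if (n > 0 && buf[n - 1] != '\n') {
        buf[n++] = '\n';
        buf[n++] = '\0';   /* index == size when the message filled the buffer */
    }
}

/* Corrected pattern: give up the last character when the buffer is full. */
static void add_newline_fixed(char *buf, size_t size)
{
    size_t n;
    buf[size - 1] = '\0';
    n = strlen(buf);
    if (n > 0 && buf[n - 1] != '\n') {
        if (n + 1 >= size)
            n = size - 2;
        buf[n++] = '\n';
        buf[n] = '\0';
    }
}

/* Logs msg into a LOGBUF-byte buffer; returns 1 if the guard byte survived. */
int guard_intact(const char *msg, int use_fixed)
{
    char store[LOGBUF + 1];            /* logical buffer + 1 guard byte */
    store[LOGBUF] = CANARY;
    snprintf(store, LOGBUF, "%s", msg); /* truncates to LOGBUF - 1 characters */
    if (use_fixed) add_newline_fixed(store, LOGBUF);
    else           add_newline_flawed(store, LOGBUF);
    return store[LOGBUF] == CANARY;
}

int main(void)
{
    const char *msg = "exactly-15-char"; /* constructed input that fills the buffer */
    printf("flawed: guard %s\n", guard_intact(msg, 0) ? "intact" : "overwritten");
    printf("fixed:  guard %s\n", guard_intact(msg, 1) ? "intact" : "overwritten");
    return 0;
}
```

Only messages that fill the buffer completely trigger the stray write, which is why such a defect can survive ordinary testing with short log lines.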