Re: [linux-security] possibly remote root exploit in nfs-utils (SuSE)

[Martin Siegert <siegert@sfu.ca>]

On Mon, Jul 14, 2003 at 05:51:14PM -0700, Martin Siegert wrote:
> Topic
> =====
> possibly remote root exploit in nfs-utils package
> 
> Problem Description
> ===================
> The nfs-utils package provides a daemon for the kernel NFS server and
> related tools.
> The logging code in nfs-utils contains an off-by-one buffer overrun
> when adding a newline to the string being logged.  This vulnerability
> may allow an attacker to execute arbitrary code or cause a denial of
> service condition by sending certain RPC requests.
> Upgrading to fixed versions immediately is strongly recommended!
> 
> Affected Versions
> =================
> nfs-utils version 1.0.3 and earlier
> 
> Solution
> ========
> upgrade to version 1.0.4 (or patched version for your distribution)

SuSE-7.2
--------
rpm -Fvh nfs-utils-0.3.1-112.i386.rpm

SuSE-7.3
--------
rpm -Fvh nfs-utils-0.3.1-111.i386.rpm

SuSE-8.0
--------
rpm -Fvh nfs-utils-0.3.3-178.i386.rpm

SuSE-8.1
--------
rpm -Fvh nfs-utils-1.0.1-109.i586.rpm

SuSE-8.2
--------
rpm -Fvh nfs-utils-1.0.1-109.i586.rpm