[linux-security] Alert: rpc.statd remote root exploit
- To: linux-security
- Subject: [linux-security] Alert: rpc.statd remote root exploit
- Date: Wed, 11 Oct 2000 19:44:08 -0700 (PDT)
Synopsis
========
rpc.statd allows remote root exploit.
Problem Description
===================
A remote root exploit was published today for rpc.statd.
All machines that run rpc.statd must be upgraded immediately.
This is not a new bug: if you have upgraded rpc.statd recently,
as mentioned in the initial advisory (for RedHat that means
upgrading to nfs-utils-0.1.9.1-1.i386.rpm), you are not
vulnerable.
Affected Systems
================
Almost certainly all Linux distributions that have not been upgraded
recently. RH 7.0 is not affected.
Workaround
==========
If you do not mount and/or export NFS filesystems you should not run
rpc.statd at all. Stop the daemon:
    cd /etc/rc.d/init.d
    ./nfslock stop
    mv ../rc5.d/S14nfslock ../rc5.d/K14nfslock
    mv ../rc3.d/S14nfslock ../rc3.d/K14nfslock
(this applies to RedHat; if you use a different distribution, you
may have to replace the file name "nfslock" with something else)
Solution
========
Upgrade to the newer packages for your distribution.
RedHat 6.x
    rpm -Uvh nfs-utils-0.1.9.1-1.i386.rpm
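
The following is an added example, not part of the original advisory. It checks whether rpc.statd (RPC program 100024, "status") is registered with the portmapper and whether the host exports or mounts NFS, then reports whether the Workaround or the Solution above applies. The function names and verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example: decide whether the rpc.statd workaround applies to a host.
# Inputs are files so the logic can be checked offline:
#   $1 = saved output of `rpcinfo -p`, $2 = exports file, $3 = mounts table.
# Function names and verdict strings are illustrative, not from the advisory.

# True if the NSM "status" service (RPC program 100024, i.e. rpc.statd)
# is registered with the portmapper.
statd_registered() {
    awk '$1 == 100024 { found = 1 } END { exit !found }' "$1"
}

# True if the host exports anything (a non-blank, non-comment exports line).
exports_nfs() {
    [ -r "$1" ] && grep -Eqv '^[[:space:]]*(#|$)' "$1"
}

# True if any mounted filesystem has type nfs (third field of the table).
mounts_nfs() {
    [ -r "$1" ] &&
        awk '$3 == "nfs" || $3 == "nfs4" { found = 1 } END { exit !found }' "$1"
}

# Prints one of: not-running | upgrade | disable
statd_verdict() {
    if ! statd_registered "$1"; then
        echo not-running
    elif exports_nfs "$2" || mounts_nfs "$3"; then
        echo upgrade    # NFS in use: keep statd, install the fixed package
    else
        echo disable    # no NFS: stop nfslock as in the Workaround section
    fi
}

# On a live host:
#   rpcinfo -p > /tmp/rpcinfo.txt
#   statd_verdict /tmp/rpcinfo.txt /etc/exports /proc/mounts
```

A "disable" verdict means the daemon is registered although nothing on the host uses NFS; "upgrade" means the daemon is needed and the package must be replaced.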