[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] possibly remote root exploit in nfs-utils

To: linux-security
Subject: [linux-security] possibly remote root exploit in nfs-utils
From: Martin Siegert <siegert@sfu.ca>
Date: Mon, 14 Jul 2003 17:51:14 -0700
User-Agent: Mutt/1.4.1i

Topic
=====
possibly remote root exploit in nfs-utils package

Problem Description
===================
The nfs-utils package provides a daemon for the kernel NFS server and
related tools.
The logging code in nfs-utils contains an off-by-one buffer overrun
when adding a newline to the string being logged.  This vulnerability
may allow an attacker to execute arbitrary code or cause a denial of
service condition by sending certain RPC requests.
Upgrading to fixed versions immediately is strongly recommended!

Affected Versions
=================
nfs-utils version 1.0.3 and earlier

Solution
========
upgrade to version 1.0.4 (or patched version for your distribution)

RedHat 7.1
----------
rpm -Fvh nfs-utils-0.3.1-6.71.i386.rpm

RedHat 7.2
----------
rpm -Fvh nfs-utils-0.3.1-14.72.i386.rpm

RedHat 7.3
----------
rpm -Fvh nfs-utils-0.3.3-6.73.i386.rpm

RedHat 8.0
----------
rpm -Fvh nfs-utils-1.0.1-2.80.i386.rpm

RedHat 9
--------
rpm -Fvh nfs-utils-1.0.1-3.9.i386.rpm

Debian 3.0 (woody)
------------------
upgrade to nfs-common_1.0-2woody1_i386.deb,
           nfs-kernel-server_1.0-2woody1_i386.deb,
           nhfsstone_1.0-2woody1_i386.deb

Follow-Ups:
- Re: [linux-security] possibly remote root exploit in nfs-utils (SuSE)
  - From: Martin Siegert <siegert@sfu.ca>

Prev by Date: [linux-security] DoS and local root exploits in Linux kernel
Next by Date: Re: [linux-security] possibly remote root exploit in nfs-utils (SuSE)
Prev by thread: [linux-security] ALERT: remote root exploit in wu-ftpd daemon
Next by thread: Re: [linux-security] possibly remote root exploit in nfs-utils (SuSE)
Index(es):
- Date
- Thread