Slackware: 2003-195-01 Critical: Nfs-Utils DoS Off-By-One Overflow
slackware
July 15, 2003
This fixes an off-by-one buffer overflow in xlog.c which could be used by an attacker to produce a denial of NFS service, or to execute arbitrary code.
Summary
Here are the details from the Slackware 9.0 ChangeLog: iMon Jul 14 14:15:34 PDT 2003 patches/packages/nfs-utils-1.0.4-i386-1.tgz: Upgraded to nfs-utils-1.0.4. This fixes an off-by-one buffer overflow in xlog.c which could be used by an attacker to produce a denial of NFS service, or to execute arbitrary code. All sites providing NFS services should upgrade to this new package immediately. (* Security fix *) WHERE TO FIND THE NEW PACKAGES: Updated package for Slackware 8.1: Updated package for Slackware 9.0: Updated package for Slackware -current: MD5 SIGNATURES: Slackware 8.1 package: e6853189637bab81e7ba145ba3a401ae nfs-utils-1.0.4-i386-1.tgz Slackware 9.0 package: 92d45eeb49bade596c78c42b72af8807 nfs-utils-1.0.4-i386-1.tgz Slackware -current package: 78ab9c34e3e01243626697d028a3ade2 nfs-utils-1.0.4-i486-1.tgz INSTALLATION INSTRUCTIONS: First, if the NFS server is running, stop it: . /etc/rc.d/rc.nfsd stop Then upgrade using upgradepkg (as
Read the Full Advisory
Topics Covered
Where Find New Packages
MD5 Signatures
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Installation Instructions
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!