Get the LinuxSecurity news you want faster with RSS
Powered By
Gentoo: nfs-utils Denial of service
Posted by LinuxSecurity.com Team
Local or remote attacker which is capable to send RPC request tovulnerable mountd daemon could execute artitrary code or causedenial of service.
- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200307-07
- - ---------------------------------------------------------------------
PACKAGE : nfs-utils
SUMMARY : off by one bug
DATE : 2003-07-19 15:13 UTC
EXPLOIT : remote
VERSIONS AFFECTED : =nfs-utils-1.0.4
CVE : CAN-2003-0252
- - ---------------------------------------------------------------------
quote from advisory:
"Local or remote attacker which is capable to send RPC request to
vulnerable mountd daemon could execute artitrary code or cause
denial of service."
read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=105820223707191&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running
net-fs/nfs-utils upgrade to nfs-utils-1.0.5 as follows
emerge sync
emerge nfs-utils
emerge clean
- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz
- - ---------------------------------------------------------------------