Bug 24482 - nfs-utils 1.03 remote exploit
Summary: nfs-utils 1.03 remote exploit
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
Importance: High critical
Assignee: Gentoo Security
URL: http://www.securityfocus.com/archive/...
Reported: 2003-07-14 15:07 UTC by Leon Bek
Modified: 2003-07-19 06:16 UTC
Description Leon Bek 2003-07-14 15:07:59 UTC
nfs-utils <=1.03 is vulnerable to a remote attack. There isn't a proof of
concept available yet.
Comment 1 Mr. Bones. (RETIRED) gentoo-dev 2003-07-14 19:02:55 UTC
nfs-utils 1.0.4 can be downloaded from 
  http://sourceforge.net/project/showfiles.php?group_id=14
Comment 2 FieldySnuts 2003-07-18 08:49:24 UTC
nfs-utils-1.0.4 is in portage now. Perhaps close this?
Comment 3 Martin Holzer (RETIRED) gentoo-dev 2003-07-18 09:07:14 UTC
no

a) mark stable
b) glsa sent out

has to be done
Comment 4 Leon Bek 2003-07-18 13:18:30 UTC
maybe better to skip 1.04 and upgrade directly to 1.05

Release 1.0.5:
         1.0.4 was a bit of a brown-paper-bag-release because of the extra
         'free' in auth.c.  So I'm releasing this just a few days later.
 
        * support/nfs/cacheio.c(cache_flush): Correct test for 'open
        failed'
        * utils/exportfs/exportfs.c(main): If "-f" given as lone option,
        check if new_cache is enabled, error if not, flush and exit if it
        is.
        * utils/exportfs/exportfs.man: Explain -f option and explain the
        two different modes that exportfs can work in.
        * utils/mountd/mountd.c: Do not change RLIMIT_NOFILE if the -o
        option wasn't given.
        * utils/mountd/mountd.man: Record the change if default behaviour
        for RLIMIT_NOFILE.
        * configure.in, nfs-utils.spec: update version to 1.0.5 and
        run autoconf

http://prdownloads.sourceforge.net/nfs/nfs-utils-1.0.5.tar.gz
Comment 5 Daniel Ahlberg (RETIRED) gentoo-dev 2003-07-19 06:16:00 UTC
glsa sent