nfs-utils <=1.03 is vulnerable for an remote attack. There isn't a proof of concept availeble yet.
nfs-utils 1.0.4 can be downloaded from http://sourceforge.net/project/showfiles.php?group_id=14
nfs-utils-1.0.4 is in portage now. Perhaps close this?
no a) mark stable b) glsa sent out has to be done
maybe better to skip 1.04 and upgrade directly to 1.05 Release 1.0.5: 1.0.4 was a bit of a brown-paper-bag-release because of the extra 'free' in auth.c. So I'm releasing this just a few days later. * support/nfs/cacheio.c(cache_flush): Correct test for 'open failed' * utils/exportfs/exportfs.c(main): If "-f" given as lone option, check if new_cache is enabled, error if not, flush and exit if it is. * utils/exportfs/exportfs.man: Explain -f option and explain the two different modes that exportfs can work in. * utils/mountd/mountd.c: Do not change RLIMIT_NOFILE if the -o option wasn't given. * utils/mountd/mountd.man: Record the change if default behaviour for RLIMIT_NOFILE. * configure.in, nfs-utils.spec: update version to 1.0.5 and run autoconf http://prdownloads.sourceforge.net/nfs/nfs-utils-1.0.5.tar.gz
glsa sent