Bugtraq mailing list archives
Update on Linux unfsd
From: okir () MONAD SWB DE (Olaf Kirch)
Date: Sat, 29 Aug 1998 12:06:15 +0200
Hi everybody, heres an update on the Linux unfsd hole. The problem (as most may have found out by now looking at the diffs) was a buffer overrun in the code that was supposed to log failed mount attempts :-/ This means, the bug can be exploited even if your client is not listed in the exports file. In the meantime, I have released a fixed version. It's available from linux.mathematik.tu-darmstadt.de in /pub/linux/people/okir, the file's called nfs-server-2.2beta36.tar.gz. I had previously released 2.2beta35, but shortly after I uploaded it a bug was found in the handling of some mount requests. Note that the upgrade RPM for Caldera OpenLinux is nfs-server-2.2beta35-2, available from ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2. Despite the 35 in the name, it has the aforementioned mount problem fixed. Olaf -- Olaf Kirch | --- o --- Nous sommes du soleil we love when we play okir () monad swb de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax okir () caldera de +-------------------- Why Not?! ----------------------- UNIX, n.: Spanish manufacturer of fire extinguishers.
Current thread:
- Re: Serious Security Hole in Hotmail, (continued)
- Re: Serious Security Hole in Hotmail Jonathan A. Zdziarski - Systems Administrator (Aug 25)
- Webmail.bellsouth.net security problems Leonid S. Knyshov (Aug 25)
- Re: Webmail.bellsouth.net security problems Marc Slemko (Aug 25)
- Re: Webmail.bellsouth.net security problems Edward S. Marshall (Aug 25)
- Re: Webmail.bellsouth.net security problems Kragen (Aug 25)
- [paul () boehm org: [cert-advisory () cert org: CERT Summary CS-98.07]] Paul Boehm (Aug 26)
- [djb () redhat com: Unidentified subject!] Paul Boehm (Aug 26)
- SV: Serious Security Hole in Hotmail Jonathan James (Aug 26)
- Re: Webmail.bellsouth.net security problems Joe (Aug 28)
- [SECURITY] Seyon is vulnerable to a root exploit Martin Schulze (Aug 28)
- Update on Linux unfsd Olaf Kirch (Aug 29)
- Buffer overflows in Minicom 1.80.1 Eduardo Navarro (Aug 29)
- Re: Buffer overflows in Minicom 1.80.1 Alan Brown (Aug 29)
- Re: Buffer overflows in Minicom 1.80.1 M.C.Mar (Aug 31)
- Re: Buffer overflows in Minicom 1.80.1 Wichert Akkerman (Aug 31)
- buffer overflow in nslookup? Peter van Dijk (Aug 29)
- Re: buffer overflow in nslookup? Brandon Reynolds (Aug 29)
- Re: buffer overflow in nslookup? Peter van Dijk (Aug 30)
- FreeBSD's RST validation Tristan Horn (Aug 30)
- Re: FreeBSD's RST validation James Snow (Aug 30)
- Re: FreeBSD's RST validation Tristan Horn (Aug 30)