Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: mountd- more info (sorry)

From: jcald () LAKE ML ORG (John Caldwell)
Date: Tue, 29 Sep 1998 11:40:18 -0700

On Mon, 28 Sep 1998, John Caldwell wrote:


I'm sorry i omitted this information in my first post:

OS: Linux (Redhat 5.1)

NFS package version: nfs-server-2.2beta29-5





As a couple people have pointed out to me, redhat released a patch for
this a few weeks ago.  I use autorpm to update my packages, and for some
reason it didnt figure out that there was a new version of the nfs
package.  That combined with the fact that when i couldnt find anything in
the bugtraq archives for anything on mountd, I figured this was a new
bug... oops. Theres also nothing new about a mountd exploit on rootshell,
but somebody figured out one-- the guy who used it on my box was our
favorite haxor the "script kiddie."  Oh well.. since nobody posted the
original redhat errata here goes:



http://www.redhat.com/support/docs/rhl/rh51-errata-general.html#nfs

Package: nfs

Updated: 28-Aug-1998

Problem:

     (28-Aug-1998)Security Fix: Potential security problems have been
     identified in all versions of nfs-server packages shipped with Red Hat
     Linux.

     Users of Red Hat Linux are recommended to upgrade to the new packages
     available under updates directory on our ftp site.

Solution:

     Intel: Upgrade to:
     nfs-server-2.2beta29-7.i386.rpm
     nfs-server-clients-2.2beta29-7.i386.rpm
     Alpha: Upgrade to:
     nfs-server-2.2beta29-7.alpha.rpm
     nfs-server-clients-2.2beta29-7.alpha.rpm
     SPARC: Upgrade to:
     nfs-server-2.2beta29-7.sparc.rpm
     nfs-server-clients-2.2beta29-7.sparc.rpm


--
 -------------------------
| John Caldwell
| jcald () lake ml org
| http://www.lake.ml.org/
 -------------------------
Previous By Date Next
Previous By Thread Next

Current thread: