[8079] in bugtraq
Re: mountd- more info (sorry)
daemon@ATHENA.MIT.EDU (John Caldwell)
Tue Sep 29 17:02:48 1998
Date: Tue, 29 Sep 1998 11:40:18 -0700
Reply-To: John Caldwell <jcald@LAKE.ML.ORG>
From: John Caldwell <jcald@LAKE.ML.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.980928220456.15689A-100000@dollar>
On Mon, 28 Sep 1998, John Caldwell wrote:
> I'm sorry I omitted this information in my first post:
>
> OS: Linux (Red Hat 5.1)
>
> NFS package version: nfs-server-2.2beta29-5
>
>
As a couple of people have pointed out to me, Red Hat released a patch for
this a few weeks ago. I use autorpm to update my packages, and for some
reason it didn't figure out that there was a new version of the nfs
package. That, combined with the fact that I couldn't find anything in
the bugtraq archives on mountd, made me figure this was a new
bug... oops. There's also nothing new about a mountd exploit on rootshell,
but somebody figured out one-- the guy who used it on my box was our
favorite haxor the "script kiddie." Oh well.. since nobody posted the
original Red Hat errata, here goes:
http://www.redhat.com/support/docs/rhl/rh51-errata-general.html#nfs
Package: nfs
Updated: 28-Aug-1998
Problem:
(28-Aug-1998) Security Fix: Potential security problems have been
identified in all versions of nfs-server packages shipped with Red Hat
Linux.
Users of Red Hat Linux are recommended to upgrade to the new packages
available under updates directory on our ftp site.
Solution:
Intel: Upgrade to:
nfs-server-2.2beta29-7.i386.rpm
nfs-server-clients-2.2beta29-7.i386.rpm
Alpha: Upgrade to:
nfs-server-2.2beta29-7.alpha.rpm
nfs-server-clients-2.2beta29-7.alpha.rpm
SPARC: Upgrade to:
nfs-server-2.2beta29-7.sparc.rpm
nfs-server-clients-2.2beta29-7.sparc.rpm
--
-------------------------
| John Caldwell
| jcald@lake.ml.org
| http://www.lake.ml.org/
-------------------------
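
The post describes an automatic updater missing the fixed nfs-server build, so an independent check of installed packages against the errata's file list is useful. The following is an added example, not part of the original post or of Red Hat's tooling: the function names are hypothetical, the `rpm -qa` sample is constructed, and the comparison is a simplified form of RPM's segment-wise version ordering (no epochs or tilde/caret handling).

```python
import re

# Fixed package files as listed for Intel in the errata quoted above.
ERRATA_FILES = [
    "nfs-server-2.2beta29-7.i386.rpm",
    "nfs-server-clients-2.2beta29-7.i386.rpm",
]

def split_nvr(nvr):
    """Split 'name-version-release' on the last two hyphens."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def parse_rpm_filename(filename):
    """Drop the '.arch.rpm' suffix, then split name-version-release."""
    return split_nvr(filename.rsplit(".", 2)[0])

def segment_cmp(a, b):
    """Simplified rpmvercmp: compare runs of digits or letters left to right."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_older(installed, fixed):
    """True if the (version, release) pair 'installed' sorts before 'fixed'."""
    v = segment_cmp(installed[0], fixed[0])
    return v < 0 or (v == 0 and segment_cmp(installed[1], fixed[1]) < 0)

def unpatched(installed_nvrs, errata_files=ERRATA_FILES):
    """Return installed packages older than the errata's fixed build."""
    fixed = {n: (v, r) for n, v, r in map(parse_rpm_filename, errata_files)}
    stale = []
    for nvr in installed_nvrs:
        name, version, release = split_nvr(nvr)
        if name in fixed and is_older((version, release), fixed[name]):
            stale.append(nvr)
    return stale

# Constructed `rpm -qa` sample; only the first entry's version is from the post.
SAMPLE_RPM_QA = ["nfs-server-2.2beta29-5", "nfs-server-clients-2.2beta29-7", "bash-1.14.7-11"]

print("needs update:", unpatched(SAMPLE_RPM_QA))
```

On a real host the list would come from `rpm -qa` output rather than the constructed sample.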