Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-user-es
Navigation:
Lists: gentoo-user-es: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-announce@g.o
From: Daniel Ahlberg <aliz@g.o>
Subject: [gentoo-announce] GLSA: OpenAFS
Date: Sat Aug 3 23:53:03 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- - - --------------------------------------------------------------------

PACKAGE        :openafs
SUMMARY        :remote root
DATE           :2002-08-03 23:26 UTC

- - - --------------------------------------------------------------------

OVERVIEW

A remote user may be able to gain root access to an OpenAFS database
server or fileserver host.  In addition, certain administrative clients
may be attacked if they make requests to a rogue server.

DETAIL

There is an integer overflow bug in the SUNRPC-derived RPC library
used by OpenAFS that could be exploited to crash certain OpenAFS
servers (volserver, vlserver, ptserver, buserver) or to obtain
unauthorized root access to a host running one of these processes.

In addition, it is possible for a rogue server to attack certain
administrative clients (vos, pts, backup, butc, rxstat), but only
if certain RPC requests are made to the rogue server.

The OpenAFS fileserver and cache manager (client) are not vulnerable
to these attacks.  No exploits are presently known to be available
for this vulnerability.

The full advisory may be found here:
http://www.openafs.org/pages/security/OPENAFS-SA-2002-001.txt

SOLUTION

This security issue was fixed in ebuild version 1.2.5-r1 uploaded to
portage on Fri Aug 2 22:47:20 2002 UTC. The OpenAFS team has released
OpenAFS 1.2.6 to fix this security issue.

It is recommended that all Gentoo Linux users who has OpenAFS installed
update their systems as follows.

emerge rsync
emerge openafs
emerge clean

- - - --------------------------------------------------------------------
Daniel Ahlberg
aliz@g.o
- - - --------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9TGyBfT7nyhUpoZMRAvUWAKDCqosb+R09qlKVYlqLeFSLGi4iEQCfWhO1
JbpB26TPlWoEwfNpH5/NTZY=
=1gi4
-----END PGP SIGNATURE-----

_______________________________________________
gentoo-announce mailing list
gentoo-announce@g.o
http://lists.gentoo.org/mailman/listinfo/gentoo-announce

Navigation:
Lists: gentoo-user-es: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Firebird
Next by thread:
Problemas el las compilaciones
Previous by date:
Firebird
Next by date:
Problemas el las compilaciones


Updated Jun 17, 2009

Summary: Archive of the gentoo-user-es mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.