Gentoo Archives: gentoo-announce

From: aliz@gentoo.org (Daniel Ahlberg)
To: gentoo-announce@g.o
Subject: [gentoo-announce] GLSA: nfs-utils (200307-07)
Date: Sat, 19 Jul 2003 20:01:11
Message-Id: 20030719151346.5E47E9FD0F@noc.internal.fairytale.se

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200307-07
- - - ---------------------------------------------------------------------

          PACKAGE : nfs-utils
          SUMMARY : off by one bug
             DATE : 2003-07-19 15:13 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : <nfs-utils-1.0.4
    FIXED VERSION : >=nfs-utils-1.0.4
              CVE : CAN-2003-0252

- - - ---------------------------------------------------------------------

quote from advisory:

"Local or remote attacker which is capable to send RPC request to
vulnerable mountd daemon could execute arbitrary code or cause
denial of service."

read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=105820223707191&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-fs/nfs-utils upgrade to nfs-utils-1.0.5 as follows

emerge sync
emerge nfs-utils
emerge clean

- - - ---------------------------------------------------------------------
aliz@g.o - GnuPG key is available at http://dev.gentoo.org/~aliz
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/GWAqfT7nyhUpoZMRAnjDAKCCDYQRPaOlWu9x20mqyzCAqlEIMQCfcIOZ
KpTLSUKZcBJxYS+UyBVjOhU=
=ljzz
-----END PGP SIGNATURE-----